Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-35653 - Vulnerability Database
Moodle

Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2022-35653

Medium
Reference: CVE-2022-35653
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2022-35653
Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user39s browser in context of vulnerable website to steal potentially sensitive information change appearance of the web page can perform phishing and drive-by-download attacks. This vulnerability does not impact authenticated users.