1. Home
  2. CVE Database
  3. CVE-2022-45150
MEDIUM · 6.1

CVE-2022-45150

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to ope...

Vulnerability Description

A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.

CVSS Score

6.1

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality
LOW
Integrity
LOW
Availability
NONE

Affected Products

VendorProductVersions
MoodleMoodle>= 3.9.0, < 3.9.18
FedoraprojectFedora35

Related Weaknesses (CWE)

CWE-79

References

FAQ

What is CVE-2022-45150?

CVE-2022-45150 is a vulnerability with a CVSS score of 6.1 (MEDIUM). A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to ope...

How severe is CVE-2022-45150?

CVE-2022-45150 has been rated MEDIUM with a CVSS base score of 6.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-45150?

Check the references section above for vendor advisories and patch information. Affected products include: Moodle Moodle, Fedoraproject Fedora.