CVE-2022-45151
Moodle stored-XSS vulnerability in some "social" user profile fields
CVSS 3.1: 5.4 MEDIUM
EPSS: 0.29%
Description
A stored XSS vulnerability was discovered in Moodle. It exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in a user's browser in the context of the vulnerable website.
How to fix CVE-2022-45151
To remediate CVE-2022-45151, upgrade the affected package to a fixed version below.
- Upgrade to 3.11.11 or later
Is CVE-2022-45151 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 3.11.0, < 3.11.11; >= 4.0.0, < 4.0.5
- >= 3.11, < 3.11.11
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |