CVE-2022-50943

Moodle LMS 4.0 Cross-Site Scripting via course search.php

CVSS 5.1 MEDIUM · EPSS 0.3% · CWE-79
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies.
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N
Affected products
Moodle · Moodle LMS
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
