CVE-2022-45151

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2022-45151
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45151.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2022-45151
Aliases
Downstream
Published
2022-11-23T15:15:10.923Z
Modified
2025-11-14T13:53:21.576335Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Introduced
94f2d3fc4b974c5c7d500988c56b7ca15f58d7ec
Fixed
becbdd847ddac6ebaf8c9327ba523e5db95bb64c

Affected versions

v3.*

v3.11.0
v3.11.1
v3.11.10
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-45151.json"