Vulnerability Bulletins

MSA-22-0023: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers


System information

   
Affected software PHP

Description

di Michael Hawkins. Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.Severity/Risk:SeriousVersions affected:4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versionsVersions fixed:4.0.4, 3.11.10 and 3.9.17Reported by:Adam Roberts, NCC GroupCVE identifier:CVE-2022-40313Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793

Standar resources

Property Value
CVE CVE-2022-40313.

Version history

Version Comments Date
1.0 Advisory issued 2022-10-01
Ministerio de Defensa
CNI
CCN
CCN-CERT