Vulnerability Bulletins

MSA-22-0010: Stored XSS in assignment bulk marker allocation form via user ID number


System information

   
Affected software PHP

Description

by Michael Hawkins.

ID numbers displayed when bulk allocating markers to assignments required additional sanitizing to prevent a stored XSS risk.

Severity/Risk: Minor
Versions affected: 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13 and earlier unsupported versions
Versions fixed: 4.0.1, 3.11.7, 3.10.11 and 3.9.14
Reported by: Paul Holden
CVE identifier: CVE-2022-30596
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74204
Tracker issue: MDL-74204

More info:

https://moodle.org/mod/forum/discuss.php?d=434578&parent=1748722

Standard resources

Property Value
CVE CVE-2022-30596

Version history

Version Comments Date
1.0 Advisory issued 2022-05-18