CVE-2022-40313: XSS
First published: Tue Sep 20 2022(Updated: )
Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an Cross-site Scripting risk or a page failing to load.
Credit: patrick@puiterwijk.org patrick@puiterwijk.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Moodle Moodle | >=3.9.0<3.9.17 | |
| Moodle Moodle | >=3.11.0<3.11.10 | |
| Moodle Moodle | >=4.0.0<4.0.4 | |
| Fedoraproject Extra Packages For Enterprise Linux | =8.0 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| composer/moodle/moodle | >=4.0<4.0.4 | 4.0.4 |
| composer/moodle/moodle | >=3.11<3.11.10 | 3.11.10 |
| composer/moodle/moodle | >=3.9<3.9.17 | 3.9.17 |
| >=3.9.0<3.9.17 | ||
| >=3.11.0<3.11.10 | ||
| >=4.0.0<4.0.4 | ||
| =8.0 | ||
| =35 | ||
| =36 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://access.redhat.com/security/cve/CVE-2022-40313
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2128148
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2128149
- https://bugzilla.redhat.com/show_bug.cgi?id=2128146
- https://moodle.org/mod/forum/discuss.php?d=438392
- https://nvd.nist.gov/vuln/detail/CVE-2022-40313
- https://github.com/advisories/GHSA-jqgr-gh62-jf53 (Advisory)
Frequently Asked Questions
What is CVE-2022-40313?
CVE-2022-40313 is a vulnerability that allows recursive rendering of Mustache template helpers containing user input, potentially resulting in an XSS risk or a page failing to load.
What is the severity of CVE-2022-40313?
The severity of CVE-2022-40313 is high with a severity value of 7.1.
Which software is affected by CVE-2022-40313?
The affected software includes Moodle versions 3.9.0 to 3.9.17, 3.11.0 to 3.11.10, and 4.0.0 to 4.0.4, as well as Fedora Project Extra Packages For Enterprise Linux 8.0, Fedora 35, and Fedora 36.
How can CVE-2022-40313 be fixed?
To fix CVE-2022-40313, users should update their Moodle software to a secure version and apply any necessary patches or updates provided by the vendor.
Where can I find more information about CVE-2022-40313?
More information about CVE-2022-40313 can be found on the Red Hat Security website, Moodle Git repository, and Bugzilla.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-jqgr-gh62-jf53
- alias/CVE-2022-40313
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/severity
- agent/remedy
- agent/references
- agent/description
- agent/author
- agent/softwarecombine
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- agent/weakness
- collector/nvd-cve
- source/NVD
- collector/github-advisory
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/moodle
- canonical/moodle moodle
- version/moodle moodle/3.9.0
- version/moodle moodle/3.11.0
- version/moodle moodle/4.0.0
- vendor/fedoraproject
- canonical/fedoraproject extra packages for enterprise linux
- version/fedoraproject extra packages for enterprise linux/8.0
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- package-manager/composer