CVE-2022-50943
Cross-Site Scripting in Moodle LMS 4.0 via Search Parameter
Publication date: 2026-05-10
Last updated on: 2026-05-10
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| moodle | moodle | 4.0 |
| moodle | moodle_lms | 4.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-79 | The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2022-50943 is a cross-site scripting (XSS) vulnerability in Moodle LMS version 4.0. It allows unauthenticated attackers to inject malicious JavaScript code through the search parameter in the course/search.php file.
When a user accesses the search functionality, the injected script can execute arbitrary code in the user's browser.
This happens because the input from the search parameter is not properly neutralized before being included in the web page.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This cross-site scripting (XSS) vulnerability in Moodle LMS 4.0 allows attackers to execute arbitrary scripts in users' browsers and steal session cookies, which can lead to unauthorized access to user data.
Such unauthorized access and potential data theft can negatively impact compliance with data protection regulations like GDPR and HIPAA, which require safeguarding personal and sensitive information against unauthorized disclosure.
Specifically, the vulnerability could lead to breaches of confidentiality and integrity of user data, which are core requirements under these standards.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include restricting access to the vulnerable search functionality, applying input validation or sanitization on the search parameter, and updating Moodle LMS to a version where this vulnerability is fixed.
Since the vulnerability allows unauthenticated attackers to inject scripts, it is critical to patch the system as soon as a fix is available or implement web application firewall (WAF) rules to block malicious payloads targeting the search parameter.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute arbitrary scripts in the browsers of users who visit the affected search page.
Such scripts can steal session cookies, which may lead to session hijacking and unauthorized access to user accounts.
Attackers could potentially perform other malicious actions on behalf of the user, compromising the security and privacy of affected users.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by testing the search parameter in the course/search.php file of Moodle LMS 4.0 for cross-site scripting (XSS) payloads. Specifically, sending crafted requests with JavaScript code in the search parameter and observing if the script executes in the browser indicates the presence of the vulnerability.
A practical approach is to use tools like curl or a web proxy to send HTTP requests with XSS payloads to the vulnerable endpoint and check for script execution or reflected input.
- Example curl command to test the vulnerability: curl -v "http://<moodle-server>/course/search.php?search=<script>alert('XSS')</script>"
- Use a browser or automated scanner to verify if the alert box or injected script executes when accessing the URL.