CVE-2022-45151 in Moodle
Summary
by MITRE • 11/23/2022
The stored-XSS vulnerability was discovered in Moodle which exists due to insufficient sanitization of user-supplied data in several "social" user profile fields. An attacker could inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 09/05/2025
The stored cross-site scripting vulnerability identified as CVE-2022-45151 represents a critical security flaw within the Moodle learning management system that stems from inadequate input validation mechanisms. This vulnerability specifically affects social user profile fields where users can store personal information such as bio descriptions, interests, or other interactive profile components. The flaw allows attackers to inject malicious scripts that persist in the system and execute automatically when other users view the compromised profile information, creating a persistent threat vector that can affect multiple users within the platform.
The technical implementation of this vulnerability resides in the insufficient sanitization of user-supplied data within Moodle's profile management subsystem. When users input content into social profile fields, the application fails to properly validate or escape potentially dangerous characters and script tags before storing them in the database. This weakness directly maps to CWE-79 - Improper Neutralization of Input During Web Page Generation, which specifically addresses the failure to sanitize user input that can lead to cross-site scripting attacks. The vulnerability creates a persistent threat because the malicious code is stored server-side rather than being reflected in a single request, making it particularly dangerous for widespread impact.
The operational impact of CVE-2022-45151 extends beyond simple script execution, as it can enable attackers to perform a wide range of malicious activities including session hijacking, credential theft, and data exfiltration. When compromised users browse profile pages containing the injected scripts, their browsers execute the malicious code in the context of the vulnerable Moodle website, potentially allowing attackers to steal session cookies, redirect users to malicious sites, or even inject additional malicious content. This vulnerability particularly affects educational institutions that rely heavily on Moodle for their learning management, as it can compromise the security of thousands of users simultaneously.
Mitigation strategies for this vulnerability should focus on implementing comprehensive input sanitization and output encoding mechanisms throughout the Moodle platform. Organizations should immediately apply the vendor-provided security patches and updates to address the vulnerability. Additionally, administrators should implement strict input validation for all user profile fields, employ Content Security Policy headers, and consider implementing web application firewalls to detect and block suspicious script injections. The remediation process should also include user education about the risks of entering untrusted content in profile fields and regular security audits of user-generated content. This vulnerability aligns with ATT&CK technique T1566.001 - Phishing: Spearphishing Attachment, as it can be exploited through social engineering to inject malicious content into user profiles that then executes when other users view them, creating a persistent phishing vector within the educational environment.