Description
Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies.
Published: 2026-05-10
Score: 5.1 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a client‑side cross‑site scripting flaw in Moodle LMS 4.0's course search page. Unauthenticated users can submit malicious scripts via the search field in course/search.php. When processed, the scripts run in the victim’s browser context, allowing the attacker to steal session cookies and other sensitive data. This can lead to account hijacking or further actions performed with the victim’s privileges.

Affected Systems

Affected products are Moodle LMS, specifically version 4.0. The flaw resides in the core course search functionality. No sub‑version or patch information is provided beyond the main release, so any deployment of Moodle 4.0 before the official fix is vulnerable.

Risk and Exploitability

The CVSS score of 5.1 indicates a medium impact; no EPSS data and absence from the CISA KEV catalog suggest limited known exploitation activity. However, the lack of authentication and the simplicity of the attack vector imply that a determined attacker could readily inject payloads from any client with network access to the web interface.

Generated by OpenCVE AI on May 10, 2026 at 13:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update Moodle to the latest stable release that contains the XSS fix (e.g., 4.0.x patch or newer).
  • If an immediate update is not possible, apply input sanitization or escape user‑provided search values before rendering them.
  • Implement a Content Security Policy header or deploy a Web Application Firewall to block or mitigate malicious script execution.

Generated by OpenCVE AI on May 10, 2026 at 13:28 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Sun, 10 May 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Moodle
Moodle moodle
Vendors & Products Moodle
Moodle moodle

Sun, 10 May 2026 12:45:00 +0000

Type Values Removed Values Added
Description Moodle LMS 4.0 contains a cross-site scripting vulnerability that allows unauthenticated attackers to inject malicious scripts by submitting payloads through the search parameter. Attackers can inject JavaScript code via the search field in course/search.php to execute arbitrary scripts in users' browsers and steal session cookies.
Title Moodle LMS 4.0 Cross-Site Scripting via course search.php
Weaknesses CWE-79
References
Metrics cvssV3_1

{'score': 6.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N'}

cvssV4_0

{'score': 5.1, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N'}

Subscriptions

Moodle Moodle
cve-icon MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-05-10T12:12:44.418Z

Reserved: 2026-01-11T13:34:26.330Z

Link: CVE-2022-50943

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-05-10T13:16:31.997

Modified: 2026-05-10T13:16:31.997

Link: CVE-2022-50943

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-10T20:00:05Z

Weaknesses