CVE-2022-40313 | Mend Vulnerability Database

Vulnerability DatabaseCVE-2022-40313

CVE-2022-40313

September 30, 2022

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

Related Resources (4)

https://bugzilla.redhat.com/show_bug.cgi?id=2128146

https://moodle.org/mod/forum/discuss.php?d=438392

https://github.com/moodle/moodle

https://nvd.nist.gov/vuln/detail/CVE-2022-40313

Do you need more information?

CVSS v4

Base Score:

5.3

Attack Vector

NETWORK

Attack Complexity

LOW

Attack Requirements

NONE

Privileges Required

NONE

User Interaction

PASSIVE

Vulnerable System Confidentiality

LOW

Vulnerable System Integrity

LOW

Vulnerable System Availability

LOW

Subsequent System Confidentiality

LOW

Subsequent System Integrity

LOW

Subsequent System Availability

LOW

CVSS v3

Base Score:

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

LOW

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

EPSS

Base Score:

0.43

Products

Solutions

Resources

Company

Compare

Developer Tools