PatchSiren

PatchSiren cyber security CVE debrief

CVE-2022-50943 Git CVE debrief

CVE-2022-50943 is an unauthenticated cross-site scripting issue reported in Moodle LMS 4.0. According to the CVE description and NVD metadata, malicious input submitted through the search parameter in course/search.php can be processed as script, enabling arbitrary JavaScript execution in a victim's browser and potential session-cookie theft. The NVD record classifies the weakness as CWE-79 and rates it Medium (CVSS 5.1).

Vendor: Git
Product: Unknown
CVSS: MEDIUM 5.1
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-10
Original CVE updated: 2026-05-10
Advisory published: 2026-05-10
Advisory updated: 2026-05-10

Who should care

Moodle administrators, web application security teams, and anyone operating user-facing LMS instances where course/search.php is reachable by browsers.

Technical summary

The record describes a browser-side script injection issue tied to the search parameter in course/search.php. The vulnerability is unauthenticated and requires user interaction, matching the supplied CVSS vector. NVD lists the weakness as CWE-79 (Cross-Site Scripting). The provided description says an attacker could execute arbitrary JavaScript in users' browsers and potentially steal session cookies.

Defensive priority

Medium. The issue is unauthenticated and can impact user sessions, but the supplied CVSS score is 5.1 and the record does not indicate active exploitation or KEV inclusion.

Recommended defensive actions

  • Review whether any deployed Moodle LMS 4.0 instances are exposed to untrusted users.
  • Check official Moodle security guidance for updates or mitigations addressing this XSS condition.
  • Apply available Moodle updates or security patches that address the issue.
  • Verify that user-supplied search input is correctly encoded or sanitized in the affected workflow.
  • Use layered browser-side protections such as output encoding checks, a restrictive Content Security Policy, and hardened session-cookie settings.
  • Monitor for anomalous browser-side behavior, unexpected script execution, or reports of session abuse.
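
One way to support the verification and monitoring items above, as an added example that is not part of the original debrief or of Moodle's code: a Python triage pass over web-server access logs that flags requests to course/search.php whose search parameter decodes to HTML markup. The combined log format, the constructed sample lines and the markup heuristic are assumptions; a hit shows that markup was submitted, not that the instance reflected it.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample lines in combined log format (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/May/2026:13:20:01 +0000] "GET /course/search.php?search=biology+101 HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/May/2026:13:21:44 +0000] "GET /course/search.php?search=%3Cscript%3Eprobe%3C%2Fscript%3E HTTP/1.1" 200 5301',
    '203.0.113.4 - - [10/May/2026:13:22:10 +0000] "GET /course/search.php?search=%253Cimg%2520src%253Dx%253E HTTP/1.1" 200 5290',
    '203.0.113.4 - - [10/May/2026:13:23:02 +0000] "GET /course/view.php?id=4 HTTP/1.1" 200 9120',
]

REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic (assumption): an opening/closing tag, an inline event handler, or a javascript: URL.
MARKUP = re.compile(r'<\s*/?\s*[a-z!]|\bon[a-z]+\s*=|javascript:', re.I)


def fully_decode(value, max_rounds=3):
    """Undo repeated percent-encoding so double-encoded input is not missed."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_search_requests(lines):
    """Return (client, decoded search value) for markup sent to course/search.php."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue  # not a request line in the assumed format
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith("/course/search.php"):
            continue
        for raw in parse_qs(url.query, keep_blank_values=True).get("search", []):
            value = fully_decode(raw)
            if MARKUP.search(value):
                hits.append((client, value))
    return hits


if __name__ == "__main__":
    for client, value in suspicious_search_requests(SAMPLE_LOG):
        print(f"{client}\t{value!r}")
```

Ordinary course searches, including ones with quoted words, are not flagged; clients that appear in the output are candidates for correlation with session-abuse reports.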

Evidence notes

The CVE description states that Moodle LMS 4.0 has a cross-site scripting vulnerability in course/search.php reachable through the search parameter, with arbitrary JavaScript execution and possible cookie theft. NVD metadata classifies the weakness as CWE-79 and supplies CVSS v4.0 vector AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N with a score of 5.1 (Medium). The supplied references include the CVE record, NVD detail page, Moodle-related URLs, a VulnCheck advisory, and an Exploit-DB link. This debrief relies on the official CVE/NVD record and the supplied description, not on exploit content. The vendor field in the source data is low-confidence and marked for review.

Official resources

Published and modified in the supplied CVE timeline on 2026-05-10T13:16:31.997Z. The source item also records the vulnerability status as Received.