CVE-2022-45150 is a reflected cross-site scripting (XSS) vulnerability identified in Moodle, a widely used open-source learning management system (LMS). The vulnerability arises from improper neutralization of user-supplied input within the policy tool component of Moodle. Specifically, insufficient sanitization allows an attacker to craft malicious URLs containing arbitrary HTML and JavaScript code. When a victim clicks such a specially crafted link, the malicious script executes in the context of the vulnerable Moodle website within the victim's browser. This reflected XSS attack vector does not require prior authentication but does require user interaction (clicking the malicious link). The vulnerability affects multiple Moodle versions prior to 4.0.5, 3.11.11, and 3.9.18, where patches have been applied. The CVSS v3.1 base score is 6.1 (medium severity), reflecting network attack vector, low attack complexity, no privileges required, but requiring user interaction. The impact includes potential theft of sensitive information such as session cookies, enabling session hijacking, unauthorized actions on behalf of the user, and modification of displayed web content. Although no known exploits are currently reported in the wild, the vulnerability's presence in a popular LMS platform used by educational institutions globally makes it a significant concern. The scope is limited to the Moodle web application and users who interact with malicious links. The reflected nature of the XSS means the attacker must entice users to click on malicious URLs, but the lack of authentication requirement broadens the potential victim pool. The vulnerability is categorized under CWE-79, indicating improper input sanitization during web page generation, a common and impactful web security flaw.

For European organizations, particularly educational institutions, universities, and training providers that rely on Moodle, this vulnerability poses a risk to confidentiality and integrity of user data. Attackers exploiting this flaw could steal session tokens or other sensitive information, leading to unauthorized access to user accounts, including those of students, faculty, and administrators. This could result in data leakage of personal information, academic records, or internal communications. Additionally, attackers could manipulate the content displayed to users, potentially spreading misinformation or phishing attempts within the trusted Moodle environment. The disruption of trust and potential data breaches could have regulatory implications under GDPR, leading to legal and reputational consequences. Since Moodle is widely adopted across Europe, the impact could be widespread if exploited at scale. The vulnerability does not directly affect availability but could indirectly cause service distrust or temporary access restrictions during remediation. The medium severity rating reflects the need for timely patching to prevent exploitation, especially given the user interaction requirement which can be mitigated through user awareness but not fully eliminated.

Apply the official Moodle patches by upgrading affected installations to versions 4.0.5, 3.11.11, or 3.9.18 or later as soon as possible to remediate the vulnerability. Implement web application firewall (WAF) rules that detect and block reflected XSS attack patterns targeting the policy tool URLs in Moodle. Conduct user awareness training focused on recognizing suspicious links and phishing attempts, emphasizing caution when clicking links received via email or messaging platforms. Review and harden Content Security Policy (CSP) headers for Moodle deployments to restrict execution of unauthorized scripts and reduce the impact of potential XSS payloads. Regularly audit Moodle logs for unusual URL access patterns or repeated attempts to exploit the policy tool component. Isolate Moodle instances with sensitive data behind additional authentication or network segmentation to limit exposure. Encourage administrators to monitor Moodle security advisories and subscribe to relevant vulnerability feeds for timely updates.