
Cloud Vulnerability DB
A community-led vulnerabilities database
A stored XSS vulnerability (CVE-2022-30596) was discovered in Moodle that affected the bulk marker allocation form for assignments. The vulnerability was discovered in May 2022 and affected Moodle versions 4.0, 3.11 to 3.11.6, 3.10 to 3.10.10, 3.9 to 3.9.13, and earlier unsupported versions. The issue was reported by Paul Holden and required additional sanitizing of ID numbers displayed when bulk allocating markers to assignments (Moodle Forum).
The vulnerability was identified as a stored Cross-Site Scripting (XSS) risk in the assignment bulk marker allocation form, specifically related to the display of user ID numbers. The issue required additional sanitization of input fields to prevent potential XSS attacks. The severity was rated as Minor according to Moodle's security assessment (Moodle Forum).
The vulnerability could allow an attacker to execute malicious scripts through stored XSS in the assignment bulk marker allocation form, potentially compromising user data or performing unauthorized actions in the context of other users' sessions (NVD).
The vulnerability was fixed in Moodle versions 4.0.1, 3.11.7, 3.10.11, and 3.9.14. Users are advised to upgrade to these or later versions to mitigate the risk. The fix involved implementing additional sanitization for ID numbers displayed in the bulk marker allocation form (Moodle Forum).
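To triage an inventory of Moodle sites against the affected and fixed releases listed above, the following added example (not code from Moodle or from this advisory) classifies a release string. The function names and the constructed inventory are hypothetical, and treating weekly "+" builds as their base release is an assumption made to stay conservative.

```python
from __future__ import annotations
import re

# First fixed patch level per supported branch, taken from the advisory text.
FIXED = {(4, 0): 1, (3, 11): 7, (3, 10): 11, (3, 9): 14}
OLDEST_SUPPORTED = min(FIXED)   # (3, 9): older branches are unsupported and affected
NEWEST_LISTED = max(FIXED)      # (4, 0): newer branches count as "later versions"


def parse_release(release: str) -> tuple[int, int, int]:
    """Parse strings such as '4.0' or '3.11.6+ (Build: 20220414)'."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised Moodle release: {release!r}")
    # A missing patch component ('4.0') is patch level 0. A trailing '+'
    # (weekly build) is ignored, so the site is judged by its base release
    # (assumption, errs towards "affected").
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def cve_2022_30596_status(release: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for CVE-2022-30596."""
    major, minor, patch = parse_release(release)
    branch = (major, minor)
    if branch in FIXED:
        return "fixed" if patch >= FIXED[branch] else "affected"
    if branch < OLDEST_SUPPORTED:
        return "affected"       # "earlier unsupported versions"
    if branch > NEWEST_LISTED:
        return "fixed"          # later than 4.0.1
    return "unknown"            # branch the advisory does not mention


if __name__ == "__main__":
    # Constructed inventory: hostnames and versions are illustrative only.
    inventory = {
        "lms-a.example.org": "3.11.6+ (Build: 20220414)",
        "lms-b.example.org": "4.0.1",
        "lms-c.example.org": "3.8.9",
    }
    for host, release in inventory.items():
        print(f"{host}\t{release}\t{cve_2022_30596_status(release)}")
```

The release string can be read from a site's `version.php` or its admin notifications page; sites reported as `affected` need an upgrade to the fixed release on their branch or later.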
Source: This report was generated using AI