Описание
Moodle Cross-site Scripting vulnerability
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
Пакеты
moodle/moodle
< 3.9.19
3.9.19
moodle/moodle
>= 3.10.0, < 3.11.12
3.11.12
moodle/moodle
>= 4.0.0-beta, < 4.0.6
4.0.6
moodle/moodle
>= 4.1.0-beta, < 4.1.1
4.1.1
Связанные уязвимости
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability was found Moodle which exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability was found Moodle which exists due to insufficient sa ...
Уязвимость виртуальной обучающей среды Moodle, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)
