Описание
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Ссылки
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
- PatchVendor Advisory
- Third Party AdvisoryVDB Entry
- Issue TrackingPatchThird Party Advisory
- PatchVendor Advisory
Уязвимые конфигурации
Одно из
EPSS
8.8 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2
Дефекты
Связанные уязвимости
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost th ...
EPSS
8.8 High
CVSS3
6.1 Medium
CVSS3
4.3 Medium
CVSS2