GHSA-w2pm-fr62-jgv4: Moodle vulnerable to stored Cross-site Scripting

Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization of the “Header and Footer” parameter in the “Additional HTML Section” of /admin/settings.php. An attacker who stores a malicious XSS payload in Header and Footer may be able to steal the cookies of the admin and all user accounts.


Moderate severity • GitHub Reviewed • Published May 16, 2023 to the GitHub Advisory Database • Updated May 17, 2023

Related news

CVE-2021-27131: CVEs-Assigned/Moodle-3.10.1-CVE-2021-27131.md at master · p4nk4jv/CVEs-Assigned

Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting (XSS) due to improper input sanitization on the "Additional HTML Section" via the "Header and Footer" parameter in /admin/settings.php. This vulnerability leads an attacker to steal admin and all user account cookies by storing the malicious XSS payload in Header and Footer.