Moodle 2.8.x < 2.8.10 / 2.9.x < 2.9.4 / 3.0.x < 3.0.2 XSS

ID 9192.PRM
Type nessus
Reporter Tenable
Modified 2019-03-06T00:00:00


Moodle, an open-source course management system, installed on the remote host is version 2.8.x prior to 2.8.10, or 2.9.x prior to 2.9.4, or 3.0.x prior to 3.0.2, and is affected by a flaw that allows a cross-site scripting (XSS) attack. This flaw exists because the '/moodle/course/management.php' script does not validate the 'search' parameter before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user's browser session within the trust relationship between their browser and the server.

                                            Binary data 9192.prm