54 matches found
CVE-2018-14631
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user...
CVE-2018-14631
CVE-2018-14631 affects Moodle before versions 3.5.2, 3.4.5, and 3.3.8. The vulnerability arises in the Boost theme’s blog search: the GET parameter used for search is not sufficiently filtered, and the breadcrumb navigation rendered for search results can be exploited to perform a reflected Cross...
nagaokakoumuten.com XSS vulnerability
Open Bug Bounty ID: OBB-677277 Description| Value ---|--- Affected Website:| nagaokakoumuten.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
moodle -- multiple vulnerabilities
moodle reports: Moodle XML import of ddwtos could lead to intentional remote code execution QuickForm library remote code vulnerability upstream Boost theme - blog search GET parameter insufficiently filtered...
yasarkizilkum.com.tr XSS vulnerability
Open Bug Bounty ID: OBB-672518 Description| Value ---|--- Affected Website:| yasarkizilkum.com.tr Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
Unauthorized Blog Search
Moodle is vulnerable to unauthorized blog searches. There is a missing capability check that allows users to search blogs without permission...
UBUNTU-CVE-2017-7490
In Moodle 2.x and 3.x, searching of arbitrary blogs is possible because a capability check is missing...
CVE-2017-7490
CVE-2017-7490 affects Moodle 2.x and 3.x. The vulnerability arises from a missing capability check that enables searching of arbitrary blogs, exposing potential information that should be restricted. The provided documents describe the flaw as a capability check omission but do not supply additio...
oknation.nationtv.tv XSS vulnerability
Vulnerable URL: http://oknation.nationtv.tv/blog/searchblogindex.php?keyword=tsetprompt/OPENBUGBOUNTY/...
domo.com XSS vulnerability
Vulnerable URL: https://www.domo.com/blog/?s=alert/OPENBUGBOUNTY/...
kkpp.blox.pl XSS vulnerability
Vulnerable URL: http://kkpp.blox.pl?page=blogPublicSearch= blogPublicSearch'A Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Check...
Cross-Site Scripting Vulnerability in DotCMS Blog Search Page
DotCMS is a content management system CMS from the American company DotCMS. The system supports RSS feeds , blogs , forums and other modules , and is easy to extend and build features . A cross-site scripting vulnerability exists in DotCMS version 3.3, which originates from the blogs/ page in the...
doomby.com XSS vulnerability
Vulnerable URL: http://www.doomby.com/blog/do/search?q=%3C/title%3E%3Cimg%20src=x%20onerror=prompt%28/XSSPOSED/%29%3E Details: Description| Value ---|--- Patched:| Yes, at 21.11.2015 Latest check for patch:| 21.11.2015 22:00 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
[SECURITY] Fedora 11 Update: drupal-service_links-6.x.1.0-5.fc11
The service links module enables admins to add links to a number of social bookmarking sites, blog search sites etc. Includes sites are del.icio.us, Digg, Reddit, ma.gnolia.com, Newsvine, Furl, Google, Yahoo, Technorati and IceRocket...