2 matches found
Moodle 安全漏洞
Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from an insufficient capability check, which can be exploited by an attacker ...
Rocket.Chat: CSS Injection in Message Avatar
The custom message avatars in the Meteor.method "sendMessage" can contain inline CSS that influences the resulting HTML element rendering. Escaping the input with "none;" allows further CSS to be applied to the elements inline styles, without requiring certain characters such as whitespace...