Moodle Persistent Cross-site Scripting (XSS)

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

GHSA-Q6VW-27C6-JV9C Moodle Persistent Cross-site Scripting (XSS)

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

CVE-2019-18210

Persistent XSS in /course/modedit.php of Moodle through 3.7.2 allows authenticated users Teacher and above to inject JavaScript into the session of another user e.g., enrolled student or site administrator via the introeditortext parameter. NOTE: the discoverer and vendor disagree on whether Mood...

CVE-2019-18210

CVE-2019-18210 describes a persistent XSS in Moodle via the /course/modedit.php interface, exploitable through the introeditor[text] parameter. The issue affects Moodle up to version 3.7.2 (and earlier, per entries) where an authenticated user with Teacher role or higher can inject JavaScript tha...