5 matches found
BIT-MOODLE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting XSS due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by...
GHSA-W2PM-FR62-JGV4 Moodle vulnerable to stored Cross-site Scripting
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting XSS due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability may lead an attacker to steal admin and all user account cookies by storin...
CVE-2021-27131
Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting XSS due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookies by...
Cross site scripting
DISPUTED Moodle 3.10.1 is vulnerable to persistent/stored cross-site scripting XSS due to the improper input sanitization on the "Additional HTML Section" via "Header and Footer" parameter in /admin/settings.php. This vulnerability is leading an attacker to steal admin and all user account cookie...
CVE-2021-20183
It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries...