8 matches found
BIT-MOODLE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."...
Moodle 4.3 - Reflected XSS Vulnerability
Exploit Title: Moodle 4.3 Reflected XSS Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given credentials USER: teach...
Moodle 4.3 - Insecure Direct Object Reference Vulnerability
Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the...
Moodle 4.3 Insecure Direct Object Reference
Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...
Moodle 4.3 - Reflected XSS
Exploit Title: Moodle 4.3 Reflected XSS Date: 21/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3 Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the application with the given...
Moodle 4.3 - Insecure Direct Object Reference
Exploit Title: Moodle 4.3 'id' Insecure Direct Object Reference IDOR Date: 20/10/2023 Exploit Author: tmrswrr Vendor Homepage: https://moodle.org/ Software Demo: https://school.moodledemo.net/ Version: 4.3+ Tested on: Linux Vulnerability Details ====================== Steps : 1. Log in to the...
CVE-2023-46858
Moodle 4.3 allows /grade/report/grader/index.php?searchvalue= reflected XSS when logged in as a teacher. NOTE: the Moodle Security FAQ link states "Some forms of rich content are used by teachers to enhance their courses ... admins and teachers can post XSS-capable content, but students can not."...
PT-2023-30245 · Moodle +1 · Moodle +1
Name of the Vulnerable Software and Affected Versions: Moodle version 4.3 Description: The issue allows for reflected XSS in the /grade/report/grader/index.php endpoint when the searchvalue parameter is used, and the user is logged in as a teacher. According to the Moodle Security FAQ, teachers c...