moodle/moodle is vulnerable to cross-site scripting (XSS). A remote attacker is able to inject arbitrary Javascript into a user’s browser via the user’s email, causing the payload to be rendered and executed on pages that displays the malicious email address.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 3.7.2 |