moodle/moodle is vulnerable to cross-site scripting (XSS). The attack is possible because it does not escape the `message` and `moreinfourl` parameters in `outputrenderers.php`, allowing an attacker to inject malicious scripts that are rendered and executed when the error message and URL strings are displayed.
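
The escaping gap described above, as an added example that is not Moodle's own code: a hypothetical error renderer that interpolates `message` and `moreinfourl` unescaped, beside a hardened version that escapes both at output and links only to http(s) URLs. All function names and sample inputs are constructed for illustration.

```php
<?php
// Added illustration; function names are hypothetical, not taken from Moodle.

// Escape text for an HTML body or a double-quoted attribute value.
function esc_html(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Accept only absolute http(s) URLs; other schemes (javascript:, data:, ...) are rejected.
function safe_more_info_url(string $url): ?string {
    $url = trim($url);
    $scheme = parse_url($url, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Vulnerable shape: both values are concatenated into markup unescaped.
function render_error_unsafe(string $message, string $moreinfourl): string {
    return '<div class="errorbox"><p>' . $message . '</p>'
         . '<a href="' . $moreinfourl . '">More information</a></div>';
}

// Hardened shape: escape at output and validate the URL scheme before linking.
function render_error_safe(string $message, string $moreinfourl): string {
    $html = '<div class="errorbox"><p>' . esc_html($message) . '</p>';
    $url = safe_more_info_url($moreinfourl);
    if ($url !== null) {
        $html .= '<a href="' . esc_html($url) . '">More information</a>';
    }
    return $html . '</div>';
}

// Constructed sample inputs carrying markup in both parameters.
$message = 'Course not found <img src=x onerror=alert(1)>';
$moreinfourl = 'https://docs.example.org/error"><script>alert(2)</script>';

echo render_error_unsafe($message, $moreinfourl), "\n"; // markup reaches the page intact
echo render_error_safe($message, $moreinfourl), "\n";   // markup is rendered as inert text
echo render_error_safe('Plain text', 'javascript:alert(3)'), "\n"; // link is omitted
```
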
CPE

Name | Operator | Version
---|---|---
moodle/moodle | le | 3.7.2
moodle/moodle | le | 3.6.6
moodle/moodle | le | 3.5.7