Moodle – Cross-site Scripting (XSS)

Description

During the scan, Kayran found an XSS vulnerability in the Moodle platform.
Cross-site scripting (XSS) is a security vulnerability in web applications caused by improper validation of user input, which could allow an attacker to inject malicious JavaScript code.

XSS can allow an attacker to run JavaScript code on the site, which means they can change and manipulate the site's content as they please.
When chained with other vulnerabilities, this attack can be far more dangerous and can even lead to account takeovers.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Update to the latest version released by Moodle.

References

https://docs.moodle.org/400/en/Upgrading

https://cwe.mitre.org/data/definitions/79.html
