Moodle – Cross-site Scripting (XSS)

Description

Cross-site scripting (XSS) is a security vulnerability in web applications caused by unvalidated user input, which could allow an attacker to inject malicious JavaScript code.

Business Impact

Cross-site scripting (XSS) can allow an attacker to run JavaScript code on the site, which means they can change and manipulate the site's content. When chained with other vulnerabilities, this attack could be far more dangerous and even lead to situations like account takeover.

Recommendation

Update to the latest version released by Moodle.

Reference

https://docs.moodle.org/311/en/Upgrading
