CVE-2018-14631

by Fred · 17/09/2018

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme – blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.

Date published : 2018-09-17

http://www.securityfocus.com/bid/105371

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857

CVE-2018-14631

Similar

Recent Posts

Categories

CVE-2018-14631

Share this:

Similar

Recent Posts

Categories

Tags