Moodle – Cross-site Scripting (XSS)

Description

During the scan, Cytrix managed to find an XSS vulnerability inside the Moodle platform.
Cross-site scripting (XSS) is a security vulnerability in web applications that is caused by not properly validating inputs from the user, which could allow an attacker to inject malicious JavaScript code.

Cross-site scripting (XSS) can allow an attacker to run JavaScript code on the site which means he can change and manipulate the content of the site as he pleases.
When chained with more vulnerabilities, this attack could be a lot more dangerous and even cause situations like accounts takeovers.

Severity/Score

CVSS Version 3.x – 6.1 Medium

Recommendation

Update to the latest version released by Moodle.

References

https://docs.moodle.org/400/en/Upgrading
https://cwe.mitre.org/data/definitions/79.html

Moodle – Cross-site Scripting (XSS)

Description

Severity/Score

Recommendation

References

Possible Credit Card Number Disclosure

Internal IP Disclosure

External IP Disclosure

Moodle – Cross-site Scripting (XSS)

Description

Severity/Score

Recommendation

References

Possible Social Security Number Disclosure

Possible Credit Card Number Disclosure

Internal IP Disclosure

External IP Disclosure