Sign In
Advisories

Moodle 3.10.3 - 'label' Persistent Cross Site Scripting

Go Back
severity
medium
date
Affecting

  • Moodle 3.10.3

CWE
  • CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVSS
5.1
CVSS V4 Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:L/VI:L/VA:N/SC:L/SI:L/SA:N
Credit
Vincent666 ibn Winnie
Description
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the event.