Back to search
CVE-2018-1136
Published: May 25, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
| Vendor | Product | Versions |
|---|---|---|
n/a | Moodle 3.x unknown | affected Moodle 3.x unknown |
References
104307
vdb-entry
x_refsource_BID
https://moodle.org/mod/forum/discuss.php?d=371202
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now