Description
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Remediation
References
Related Vulnerabilities
WordPress 'swfupload.swf' Cross-Site Scripting Vulnerability (2.5 - 3.3.1)
WordPress 4.7.x Multiple Vulnerabilities (4.7 - 4.7.26)
WordPress Plugin EZ Portfolio Multiple Cross-Site Scripting Vulnerabilities (1.0.1)
Drupal Core 6.x Multiple Vulnerabilities (6.0 - 6.27)
WordPress Plugin WP Live Chat Support Pro Arbitrary File Upload (8.0.06)