Description
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.
Remediation
References
Related Vulnerabilities
WordPress Plugin Arlo training and event management system Cross-Site Scripting (2.1.7.1)
Moodle Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-36396)
Moodle CVE-2024-25979 Vulnerability (CVE-2024-25979)
WordPress Plugin Meta Box-WordPress Custom Fields Framework Arbitrary File Deletion (4.16.2)