Description
An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages, where it can be viewed by other users.
Remediation
References