CVE-2018-1136

State: PUBLISHED · Published: 2018-05-25 · Updated: 2024-08-05 · Assigner: redhat

Description

An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.

CWE

(none)

Affected

n/a / Moodle 3.x unknown — v=Moodle 3.x unknown [affected]

CVSS

(none)

References

http://www.securityfocus.com/bid/104307 vdb-entry, x_refsource_BID
https://moodle.org/mod/forum/discuss.php?d=371202 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2018/1xxx/CVE-2018-1136.json