Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
Moodle boost theme 安全漏洞
Vulnerability Description
Moodle是澳大利亚马丁-多基马(Martin Dougiamas)博士开发的一套免费、开源的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。boost theme是其中的一个主题组件。 Moodle 3.5.2之前版本、3.4.5之前版本和3.3.8之前版本中的boost theme存在安全漏洞,该漏洞源于程序没有充分的过滤‘search’参数。攻击者可借助恶意的链接利用该漏洞注入JavaScript代码。
CVSS Information
N/A
Vulnerability Type
N/A