N/A

A vulnerability was found in moodle before versions 3.6.3, 3.5.5, 3.4.8 and 3.1.17. Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.

N/A

在Web页面生成时对输入的转义处理不恰当(跨站脚本)

Moodle 安全漏洞

Moodle是一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle中存在安全漏洞。攻击者可利用该漏洞执行任意代码/命令。以下版本受到影响：Moodle 3.6版本至3.6.2版本，3.5版本至3.5.4版本，3.4版本至3.4.7版本，3.1版本至3.1.16版本及不再支持的老版本。

N/A

N/A