Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Moodle PDF Annotator plugin v1.5 release 9 allows stored cross-site scripting (XSS) via the Public Comments feature. An attacker with a low-privileged account (e.g., Student) can inject arbitrary JavaScript payloads into a comment. When any other user (Student, Teacher, or Admin) views the annotated PDF, the payload is executed in their browser, leading to session hijacking, credential theft, or other attacker-controlled actions.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Moodle PDF Annotator plugin 安全漏洞
Vulnerability Description
Moodle PDF Annotator plugin是Moodle开源的一个教学插件。 Moodle PDF Annotator plugin 1.5 release 9版本存在安全漏洞,该漏洞源于公共评论功能未正确过滤输入,可能导致存储型跨站脚本攻击。
CVSS Information
N/A
Vulnerability Type
N/A