Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Moodle: moodle: cross-site scripting vulnerability via inadequate input filtering in formula editor
Vulnerability Description
A flaw was found in moodle. This vulnerability, known as Cross-Site Scripting (XSS), occurs due to insufficient checks on user-provided data in the formula editor's arithmetic expression fields. A remote attacker could inject malicious code into these fields. When other users view these expressions, the malicious code would execute in their web browsers, potentially compromising their data or leading to unauthorized actions.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Vulnerability Title
Moodle 安全漏洞
Vulnerability Description
Moodle是Moodle开源的一套免费的电子学习软件平台,也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle存在安全漏洞,该漏洞源于公式编辑器的算术表达式字段对用户提供的数据检查不足,可能导致跨站脚本攻击、数据泄露或未经授权的操作。
CVSS Information
N/A
Vulnerability Type
N/A