HTML Block Vulnerability in Moodle 3.x by Moodle
CVE-2018-1136

4.3MEDIUM

Key Information:

Vendor: Moodle
Status: Moodle 3.x Unknown
Vendor: CVE Published:; 25 May 2018

Summary

An issue was identified in Moodle 3.x that allows authenticated users to add HTML blocks containing scripts to their personal Dashboards. This typically poses no security risk as the Dashboard is private to the user. However, exploiting this vulnerability permits these users to transfer such blocks to shared pages, making them visible to other users. Consequently, this opens the door for potential script injection vulnerabilities, compromising the application's integrity and user data.

Affected Version(s)

Moodle 3.x unknown Moodle 3.x unknown

References

http://www.securityfocus.com/bid/104307

vdb-entryx_refsource_BID

https://moodle.org/mod/forum/discuss.php?d=371202

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
May 25, 2018
Vulnerability Reserved
Dec 4, 2017