JavaScript Execution Vulnerability in Moodle

JavaScript Execution Vulnerability in Moodle

CVE-2018-10891 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

A flaw was found in moodle before versions 3.5.1, 3.4.4, 3.3.7, 3.1.13. When a quiz question bank is imported, it was possible for the question preview that is displayed to execute JavaScript that is written into the question bank.

Learn more about our Web Application Penetration Testing UK.