Insufficient Filtering in Moodle Boost Theme's Blog Search Parameter Allows Reflected XSS

Insufficient Filtering in Moodle Boost Theme's Blog Search Parameter Allows Reflected XSS

CVE-2018-14631 · MEDIUM Severity

AV:N/AC:M/AU:N/C:N/I:P/A:N

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.

Learn more about our User Device Pen Test.