Cross-site scripting vulnerability in moodle 3.2

There is a xss vulnerability in moodle 3.2 latest

In admin page Add a new course ,Course summary filter have xss vulnerability

payload :

<svg onload="alert('Coursesummary')"></svg>

couusexss.png

save and display  when we viste the main page there is a xss alert box


coursexss1.jpg



暂无评论

发布评论