An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2018-05-25T12:00:00

Updated: 2024-08-05T03:51:48.694Z

Reserved: 2017-12-04T00:00:00

Link: CVE-2018-1136

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-05-25T12:29:00.370

Modified: 2019-10-03T00:03:26.223

Link: CVE-2018-1136

cve-icon Redhat

No data.