An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2018-05-25T12:00:00
Updated: 2024-08-05T03:51:48.694Z
Reserved: 2017-12-04T00:00:00
Link: CVE-2018-1136
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2018-05-25T12:29:00.370
Modified: 2019-10-03T00:03:26.223
Link: CVE-2018-1136
Redhat
No data.