Two input validation vulnerabilities reportedly affect Moodle. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in application-critical actions such as generating web content or loading scripts. The first issue is a cross-site scripting vulnerability. The second issue is a directory traversal issue that may allow attackers to gain access to session data. An attacker may leverage these issues to execute arbitrary client-side script code in the browsers of unsuspecting users through cross-site scripting attacks and gain access to sensitive session credentials through directory traversal attacks. Other attacks are also possible.