CVE-2018-14631: Cross-site Scripting
(updated )
Moodle is vulnerable to a boost theme; the blog
search GET parameter is insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search
parameter.
References
Detect and mitigate CVE-2018-14631 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →