CVE-2018-14631: Cross-site Scripting

September 17, 2018 (updated October 9, 2019)

Moodle is vulnerable to a boost theme; the blog search GET parameter is insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62857
www.securityfocus.com/bid/105371
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14631
moodle.org/mod/forum/discuss.php?d=376025
nvd.nist.gov/vuln/detail/CVE-2018-14631

Code Behaviors & Features

Detect and mitigate CVE-2018-14631 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →