header-logo
Suggest Exploit
vendor:
Moodle
by:
UVision
8.8
CVSS
HIGH
Persistent Cross Site Scripting
79
CWE
Product Name: Moodle
Affected Version From: 3.10.3
Affected Version To: 3.10.3
Patch Exists: YES
Related CWE: N/A
CPE: a:moodle:moodle:3.10.3
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: Debian/Windows 10
2021

Moodle 3.10.3 – ‘url’ Persistent Cross Site Scripting

By having the role of a teacher or an administrator or a manager (to have the possibility to create a course): Create a new course, give any name, short name, date and other things required. In 'Description' field, click on the 'link' button. In the url field, enter the payload: <img src=1 href=1 onerror='javascript:alert(1)'></img>. Create the link, an alert window appears (close it several times so that it disappears), save the course. Each time the course description is displayed, the stored xss is activated: activate it by viewing the course, by modifying it, etc.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in the application.
Source

Exploit-DB raw data:

# Exploit Title: Moodle 3.10.3 - 'url' Persistent Cross Site Scripting
# Date: 22/04/2021
# Exploit Author: UVision
# Vendor Homepage: https://moodle.org/
# Software Link: https://download.moodle.org
# Version: 3.10.3
# Tested on: Debian/Windows 10

By having the role of a teacher or an administrator or a manager (to have the possibility to create a course): 

- Create a new course (http://localhost/moodle/course/edit.php?category=1&returnto=topcat)
- Give any name , short name, date and other things required.
- In "Description" field, click on the "link" button
- In the url field, enter the payload : <img src=1 href=1 onerror="javascript:alert(1)"></img>
- Create the link, an alert window appears (close it several times so that it disappears) , save the course. ("Save and return")

Each time the course description is displayed, the stored xss is activated : activate it by viewing the course, by modifying it, etc.

Navigation

Suggest Exploit

Services By CQR