Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-58409

Self-XSS in autocomplete element (for example "Tags")

    XMLWordPrintable

    Details

      Description

      I am reporting a XSS security issues in accordance with Bug in Tag feature.

      Tag feature in any pages has XSS vulnerability.

      Here are steps for how to reproduce below.

      (1) Create a new quiz instance, open edit from.

      (2) Enter <script> tag e.g(<script>alert("XSS!");</script>)

      (3) !?

        Attachments

          Issue Links

            Activity

              People

              • Votes:
                1 Vote for this issue
                Watchers:
                10 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Fix Release Date:
                  10/Sep/18

                  Time Tracking

                  Estimated:
                  Original Estimate - 0 minutes
                  0m
                  Remaining:
                  Remaining Estimate - 0 minutes
                  0m
                  Logged:
                  Time Spent - 30 minutes
                  30m