-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
3.9.4
-
-
MOODLE_39_STABLE
-
Moodle Apps Sprint 2025-I1.4
There is a way to self-xss in the mobile app (made on Android)
Steps:
- Open dm with anybody (myself in my case)
- Send "<img src=x onerror=alert(1)>"
- It alert : "1"
(Reopen the DM doesn't reexecute the script, it only work on the sender at the sending)
It maybe can be injected with other way