  1. Moodle app
  2. MOBILE-3733

Self-XSS in DM (Mobile app)

    Details

    • Affected Branches:
      MOODLE_39_STABLE

      Description

      There is a way to self-XSS in the mobile app (done on Android).

      Steps:

      1. Open a DM with anybody (myself in my case)
      2. Send "<img src=x onerror=alert(1)>"
      3. It alerts: "1"

      (Reopening the DM doesn't re-execute the script; it only works on the sender at the time of sending.)

      It may be possible to inject it in other ways.

            People

            Assignee: Unassigned
            Reporter: djdjdjf
            Votes: 0
            Watchers: 2
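
The report notes that the payload runs only for the sender at send time and not when the DM is reopened. The following added example (not Moodle app code, which this report does not show) assumes that difference comes from the just-sent message being rendered through a separate path from stored messages, and that messages are plain text. All function names are hypothetical. It shows the weak echo beside a corrected one and a regression check that the two paths render identically.

```javascript
// Added illustration; every name here is hypothetical, none is Moodle app code.
const ESC = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Escape text for use as HTML element content.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => ESC[ch]);
}

// Path A (assumed): messages loaded when the conversation is reopened.
function renderFromHistory(message) {
  return `<div class="msg">${escapeHtml(message.text)}</div>`;
}

// Path B, weak form (assumed): the just-sent text is echoed as markup.
function renderLocalEchoUnsafe(text) {
  return `<div class="msg">${text}</div>`;
}

// Path B, corrected: the echo reuses the history renderer, so there is one
// escaping routine and the two paths cannot drift apart.
function renderLocalEchoSafe(text) {
  return renderFromHistory({ text });
}

// Regression check: for every sample, the echo must render exactly what a
// reload would render. Returns the samples where the two paths disagree.
function divergentSamples(renderEcho, samples) {
  return samples.filter((text) => renderEcho(text) !== renderFromHistory({ text }));
}

// Constructed samples; the second is the string from step 2 of the report.
const SAMPLES = ['hello', '<img src=x onerror=alert(1)>', 'a < b && c > d', '"quoted"'];

console.log('unsafe echo diverges on:', divergentSamples(renderLocalEchoUnsafe, SAMPLES));
console.log('safe echo diverges on:', divergentSamples(renderLocalEchoSafe, SAMPLES));
```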