Uploaded image for project: 'Moodle app'
  1. Moodle app
  2. MOBILE-3733

Self-XSS in DM (Mobile app)

    XMLWordPrintable

Details

    • MOODLE_39_STABLE

    Description

      There is a way to self-xss in the mobile app (made on Android)

      Steps:

      1. Open dm with anybody (myself in my case)
      2. Send "<img src=x onerror=alert(1)>"
      3. It alert : "1"

      (Reopen the DM doesn't reexecute the script, it only work on the sender at the sending)

      It maybe can be injected with other way

      Attachments

        1. 20210411_194909.jpg
          177 kB
          djdjdjf
        2. 20210411_194925.jpg
          112 kB
          djdjdjf

        Activity

          People

            Unassigned Unassigned
            djdjdjf djdjdjf
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated: