Boletines de Vulnerabilidades

MSA-18-0019: Boost theme - blog search GET parameter insufficiently filtered

Información sobre el sistema
   
Software afectado PHP

Descripción
di Michael Hawkins. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.Severity/Risk:MinorVersions affected:3.5 to 3.5.1, 3.4 to 3.4.4, 3.3 to 3.3.7 and earlier unsupported versionsVersions fixed:3.5.2, 3.4.5 and 3.3.8Reported by:Michael HawkinsWorkaround:Use an alternative theme not based upon Boost until the

More info:

https://moodle.org/mod/forum/discuss.php?d=376025&parent=1516120

Identificadores estándar
Propiedad Valor
CVE CVE-2018-14631.

Histórico de versiones
Versión Comentario Fecha
1.0 Advisory issued 2018-11-16

Miembros de

CERT
FIRST
TF-CSIRT
EGC Group
UE
Red Nacional de SOC
Foro Nacional de Ciberseguridad
CSIRT.es
Ministerio de Defensa
CNI
CCN
CCN-CERT