MSA-18-0019: Boost theme - blog search GET parameter insufficiently filtered
|
Información sobre el sistema
|
|
|
Software afectado |
PHP |
Descripción
|
di Michael Hawkins. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.Severity/Risk:MinorVersions affected:3.5 to 3.5.1, 3.4 to 3.4.4, 3.3 to 3.3.7 and earlier unsupported versionsVersions fixed:3.5.2, 3.4.5 and 3.3.8Reported by:Michael HawkinsWorkaround:Use an alternative theme not based upon Boost until the
More info:
https://moodle.org/mod/forum/discuss.php?d=376025&parent=1516120 |
Identificadores estándar
|
Propiedad |
Valor |
CVE |
CVE-2018-14631. |