Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-14631

moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.6%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 4.3
Products affected by CVE-2018-14631
  • Moodle » Moodle » Version: 3.3.0
    cpe:2.3:a:moodle:moodle:3.3.0
  • Moodle » Moodle » Version: 3.3.1
    cpe:2.3:a:moodle:moodle:3.3.1
  • Moodle » Moodle » Version: 3.3.2
    cpe:2.3:a:moodle:moodle:3.3.2
  • Moodle » Moodle » Version: 3.3.3
    cpe:2.3:a:moodle:moodle:3.3.3
  • Moodle » Moodle » Version: 3.3.4
    cpe:2.3:a:moodle:moodle:3.3.4
  • Moodle » Moodle » Version: 3.3.5
    cpe:2.3:a:moodle:moodle:3.3.5
  • Moodle » Moodle » Version: 3.3.6
    cpe:2.3:a:moodle:moodle:3.3.6
  • Moodle » Moodle » Version: 3.3.7
    cpe:2.3:a:moodle:moodle:3.3.7
  • Moodle » Moodle » Version: 3.4.0
    cpe:2.3:a:moodle:moodle:3.4.0
  • Moodle » Moodle » Version: 3.4.1
    cpe:2.3:a:moodle:moodle:3.4.1
  • Moodle » Moodle » Version: 3.4.2
    cpe:2.3:a:moodle:moodle:3.4.2
  • Moodle » Moodle » Version: 3.4.3
    cpe:2.3:a:moodle:moodle:3.4.3
  • Moodle » Moodle » Version: 3.4.4
    cpe:2.3:a:moodle:moodle:3.4.4
  • Moodle » Moodle » Version: 3.5.0
    cpe:2.3:a:moodle:moodle:3.5.0
  • Moodle » Moodle » Version: 3.5.1
    cpe:2.3:a:moodle:moodle:3.5.1


Products
Pricing
Contact Us

Shodan ® - All rights reserved