Moodle contains a cross-site scripting vulnerability via the JSmol plugin and may also be susceptible to local file inclusion or server-side request forgery. An attacker can execute arbitrary script in the browser of an unsuspecting user, steal cookie-based authentication credentials, and launch other attacks.
Details: moodle-filter-jmol-xss matched at honey.scanme.sh
Protocol: HTTP
Full URL: https://honey.scanme.sh/filter/jmol/js/jsmol/php/jsmol.php?call=saveFile&data=%3Cscript%3Ealert(%27XSS%27)%3C/script%3E&mimetype=text/html
Timestamp: Tue Apr 30 19:28:58 +0530 IST 2024
Generated by Nuclei v3.2.5