CVE-2018-1081 - AskarLabs CVE Database

CVE-2018-1081

Vendor Red Hat, Inc.

Product Moodle

Weakness CWE-79 · XSS

Published April 4, 2018

Last update September 16, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

01Description

A flaw was found in Moodle 3.4 to 3.4.1, 3.3 to 3.3.4, 3.2 to 3.2.7, 3.1 to 3.1.10 and earlier unsupported versions. Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

Key dates

02Disclosure timeline

April 4, 2018 CVE published

September 16, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2018-1081 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/79.html

Related vulnerabilities

04Related CVE

CVE-2025-1230 Cross-Site Scripting (XSS) vulnerability in Prestashop CVE-2023-7323 Nagios Log Server < 2024R1 XSS via Create User Function CVE-2024-29111 WordPress Sitekit plugin <= 1.6 - Cross Site Scripting (XSS) vulnerability CVE-2026-23611 GFI MailEssentials AI < 22.4 Anti-Spam IP Blocklist Description Stored XSS CVE-2022-23912 AP Custom Testimonial < 1.4.8 - Reflected Cross-Site Scripting