Description
moodle before versions 3.5.2, 3.4.5, 3.3.8 is vulnerable to a boost theme - blog search GET parameter insufficiently filtered. The breadcrumb navigation provided by Boost theme when displaying search results of a blog were insufficiently filtered, which could result in reflected XSS if a user followed a malicious link containing JavaScript in the search parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin WordPress Backup and Migrate-Backup Guard Arbitrary File Upload (1.0.2)
WordPress Plugin Amelia-Events & Appointments Booking Calendar Multiple Vulnerabilities (1.0.45)
WordPress Plugin ThreeWP Email Reflector 'Subject' Field Cross-Site Scripting (1.15)
WordPress Plugin cformsII Multiple Cross-Site Scripting Vulnerabilities (14.13.2)
WordPress Plugin Country State City Dropdown CF7 Security Bypass (2.7.1)