Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2018-1136

An issue was discovered in Moodle 3.x. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability users can move such a block to other pages where they can be viewed by other users.