Description
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.
Remediation
References
Related Vulnerabilities
ProjectSend Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2017-20101)
Magento Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-7903)
PostgreSQL CVE-2017-7547 Vulnerability (CVE-2017-7547)
MySQL CVE-2013-2381 Vulnerability (CVE-2013-2381)
WordPress Plugin WP eCommerce Multiple Vulnerabilities (3.9.1)