Description

Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.

Remediation

References

CVE-2008-0123

Related Vulnerabilities

Dolibarr Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2017-18260)

WordPress Plugin WP Easy full backup Information Disclosure (1.4)

WordPress Plugin CP Contact Form with PayPal Cross-Site Scripting (1.2.98)

WordPress Plugin Portfolio for Elementor, Image Gallery & Post Grid-PowerFolio Cross-Site Scripting (2.3)

WordPress Plugin Favicon by RealFaviconGenerator Cross-Site Scripting (1.2.12)

Severity

Medium

Classification

CVE-2008-0123 CWE-707

Tags

Missing Update Known Vulnerabilities