Description

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.

Remediation

References

CVE-2009-0500

Related Vulnerabilities

WordPress Plugin Event Organiser Cross-Site Scripting (2.12.4)

WordPress Plugin Page Restrict Cross-Site Scripting (2.2.1)

WordPress Plugin Redirection Local File Inclusion (2.7.3)

IBMHttpServer Other Vulnerability (CVE-2001-0122)

MySQL CVE-2018-2769 Vulnerability (CVE-2018-2769)

Severity

Medium

Classification

CVE-2009-0500 CWE-707

Tags

Missing Update Known Vulnerabilities