WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-1618)

Description

Cross-site scripting (XSS) vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message.

Remediation

References

Related Vulnerabilities

WordPress Plugin Party Hall Booking Manager SQL Injection (1.1)

osCommerce Other Vulnerability (CVE-2005-1951)

WordPress Plugin WP Google Maps Unspecified Vulnerability (6.2.1)

Drupal Core 8.5.x Multiple Vulnerabilities (8.5.0 - 8.5.8)

WordPress Plugin Photo Gallery by 10Web-Mobile-Friendly Image Gallery Unspecified Vulnerability (1.5.55)

Severity

Medium

Classification

CVE-2010-1618 CWE-707

Tags

Missing Update Known Vulnerabilities