Description
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
Remediation
References
Related Vulnerabilities
Squid Improper Certificate Validation Vulnerability (CVE-2023-46724)
WordPress Plugin All-in-One WP Migration Information Disclosure (7.0)
Oracle Database Server CVE-2006-0291 Vulnerability (CVE-2006-0291)
WordPress Plugin Admin Columns Pro Cross-Site Scripting (5.5.1)
WordPress Plugin Occasions Cross-Site Request Forgery (1.0.4)