Description
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
Remediation
References
Related Vulnerabilities
WordPress Plugin Video Comments Webcam Recorder Cross-Site Scripting (1.55)
WordPress Plugin WordPress Download Manager Security Bypass (2.7.2)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0788)
Moodle CVE-2019-3851 Vulnerability (CVE-2019-3851)
Moodle Improper Encoding or Escaping of Output Vulnerability (CVE-2021-40694)