Description

Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

Remediation

References

CVE-2010-1619

Related Vulnerabilities

WordPress Plugin Monarch Social Sharing Security Bypass (1.2.6)

SugarCRM Improperly Controlled Modification of Dynamically-Determined Object Attributes Vulnerability (CVE-2019-17316)

WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.7)

Atlassian Jira Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-11588)

Joomla! Core 3.x.x Multiple Vulnerabilities (3.0.0 - 3.6.4)

Severity

Medium

Classification

CVE-2010-1619 CWE-707

Tags

Missing Update Known Vulnerabilities