Description
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
Remediation
References
Related Vulnerabilities
WordPress Plugin 5gig Concerts Unspecified Vulnerability (1.0)
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5492)
Jenkins Deserialization of Untrusted Data Vulnerability (CVE-2018-1999042)
WordPress Plugin Add Custom Link to WordPress Admin Bar Cross-Site Scripting (1.0)
WordPress Plugin WooCommerce PDF Vouchers-Ultimate Gift Cards Unspecified Vulnerability (4.9.4)