Description

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

Remediation

References

CVE-2010-2228

Related Vulnerabilities

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.4)

WordPress Plugin YITH WooCommerce Bulk Product Editing Security Bypass (1.2.13)

WordPress Plugin WP Support Plus Responsive Ticket System Multiple Vulnerabilities (4.1)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-8810)

MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-3965)

Severity

Medium

Classification

CVE-2010-2228 CWE-707

Tags

Missing Update Known Vulnerabilities