Description

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

Remediation

References

CVE-2011-4282

Related Vulnerabilities

TYPO3 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5098)

OpenSSL Other Vulnerability (CVE-2015-0208)

Drupal Core 6.x Security Bypass (6.0 - 6.35)

Drupal Core 9.3.x Cross-Site Scripting (9.3.0 - 9.3.2)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6105)

Severity

Medium

Classification

CVE-2011-4282 CWE-707

Tags

Missing Update Known Vulnerabilities