Description
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.
Remediation
References
Related Vulnerabilities
MySQL CVE-2018-3062 Vulnerability (CVE-2018-3062)
WordPress Plugin Redirection PHP Object Injection (2.7.3)
Craft CMS Missing Encryption of Sensitive Data Vulnerability (CVE-2018-20465)
WordPress Plugin qTranslate Cross-Site Request Forgery (2.5.34)
Jboss EAP Deserialization of Untrusted Data Vulnerability (CVE-2019-16942)