Description
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.
Remediation
References
Related Vulnerabilities
Jenkins Improper Authorization Vulnerability (CVE-2021-21693)
WordPress Plugin DJ EmailPublish Cross-Site Scripting (1.7.2)
WordPress Plugin Multi Feed Reader SQL Injection (2.2.3)
WordPress Plugin Another WordPress Classifieds Unspecified Vulnerability (1.8.9.4)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-6113)