Description

Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.

Remediation

References

CVE-2012-2361

Related Vulnerabilities

WordPress Plugin xili-language Multiple Unspecified Vulnerabilities (2.17.0)

Joomla! Core Remote Code Execution (1.5.0 - 3.4.5)

Python Other Vulnerability (CVE-2012-2135)

Knockout.js Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-14862)

Oracle HTTP Server Other Vulnerability (CVE-2002-0659)

Severity

Low

Classification

CVE-2012-2361 CWE-707

Tags

Missing Update Known Vulnerabilities