Description

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.

Remediation

References

CVE-2012-2364

Related Vulnerabilities

Plone CMS Weak Password Requirements Vulnerability (CVE-2020-7940)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-34911)

WordPress Plugin Contact Form Email Cross-Site Scripting (1.1.49)

WordPress Plugin EWWW Image Optimizer Cross-Site Scripting (2.0.1)

WordPress Plugin WooCommerce Security Bypass (6.3.0)

Severity

Low

Classification

CVE-2012-2364 CWE-707

Tags

Missing Update Known Vulnerabilities