Description
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
Remediation
References
Related Vulnerabilities
WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.21)
OpenSSL Cryptographic Issues Vulnerability (CVE-2009-3555)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5472)
PHP Use After Free Vulnerability (CVE-2016-4473)
WordPress Plugin EmbedSocial-Social Media Feeds, Reviews and Galleries Cross-Site Scripting (1.1.27)