Description

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.

Remediation

References

CVE-2012-2365

Related Vulnerabilities

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-7139)

ReviveAdserver Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-9472)

TYPO3 Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2005-4875)

WordPress Plugin Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages Multiple Cross-Site Scripting Vulnerabilities (45.0)

TYPO3 Improper Input Validation Vulnerability (CVE-2013-4250)

Severity

Low

Classification

CVE-2012-2365 CWE-707

Tags

Missing Update Known Vulnerabilities