Description

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.

Remediation

References

CVE-2012-2365

Related Vulnerabilities

WordPress Plugin MapPress Maps for WordPress Security Bypass (2.54.5)

WordPress Plugin Ad Swapper Cross-Site Scripting (1.0.3)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-5268)

OpenSSL Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') Vulnerability (CVE-2015-3216)

Drupal Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2017-6928)

Severity

Low

Classification

CVE-2012-2365 CWE-707

Tags

Missing Update Known Vulnerabilities