Description

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.

Remediation

References

CVE-2012-3389

Related Vulnerabilities

WordPress Plugin Better Search Replace Multiple Unspecified Vulnerabilities (1.0.3)

Joomla! Core 1.0.x Multiple Cross-Site Scripting Vulnerabilities (1.0.0 - 1.0.12)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2018-14883)

Oracle JRE CVE-2014-2427 Vulnerability (CVE-2014-2427)

WordPress Plugin Product Size charts for Woocommerce Unspecified Vulnerability (1.0)

Severity

Medium

Classification

CVE-2012-3389 CWE-707

Tags

Missing Update Known Vulnerabilities