Description
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
Remediation
References
Related Vulnerabilities
Plone CMS Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5491)
WordPress Plugin YITH WooCommerce Badge Management Security Bypass (1.3.19)
Internet Information Services Other Vulnerability (CVE-2001-1243)
Chamilo Other Vulnerability (CVE-2023-34962)
WordPress Plugin Markdown on Save Improved Cross-Site Scripting (2.5)