Description

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.

Remediation

References

CVE-2012-3389

Related Vulnerabilities

WordPress Plugin POST SMTP Mailer-Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress Cross-Site Scripting (2.1.3)

Next.js Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-5284)

Drupal Core 4.5.x Security Bypass (4.5.0 - 4.5.7)

PHP-Fusion CVE-2020-35952 Vulnerability (CVE-2020-35952)

Plone CMS Other Vulnerability (CVE-2006-4249)

Severity

Medium

Classification

CVE-2012-3389 CWE-707

Tags

Missing Update Known Vulnerabilities