Description
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.0.x Remote File Inclusion (1.0.11 - 1.0.14)
WordPress Plugin Feedweb Unspecified Vulnerability (3.0.10)
Oracle Database Server CVE-2023-22096 Vulnerability (CVE-2023-22096)
PostgreSQL Untrusted Search Path Vulnerability (CVE-2020-14350)
Nginx Insufficient Session Expiration Vulnerability (CVE-2014-3616)