Description
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
Remediation
References
Related Vulnerabilities
Roundcube Cross-site Scripting (XSS) Vulnerability (CVE-2016-4068)
WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.36)
PostgreSQL Improper Authentication Vulnerability (CVE-2017-7546)
Internet Information Services Other Vulnerability (CVE-2002-1908)
WordPress Plugin Download Manager Cross-Site Scripting (3.2.46)