Description

Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2014-0218

Related Vulnerabilities

WordPress Plugin Lazy content Slider Cross-Site Request Forgery (3.4)

WordPress Plugin Ad-Manager Open Redirect (1.1.2)

WordPress Plugin Theme Demo Import Arbitrary File Upload (1.1.0)

jQuery UI Tooltip Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2010-5312)

Internet Information Services Other Vulnerability (CVE-2001-0544)

Severity

Medium

Classification

CVE-2014-0218 CWE-707

Tags

Missing Update Known Vulnerabilities