Description

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.

Remediation

References

CVE-2014-3548

Related Vulnerabilities

WordPress Plugin CYSTEME Finder, the admin files explorer Unspecified Vulnerability (1.7)

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-4344)

MyBB Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2011-5131)

WordPress Plugin Border Loading Bar Cross-Site Scripting (1.0.1)

Joomla Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2017-7989)

Severity

Medium

Classification

CVE-2014-3548 CWE-707

Tags

Missing Update Known Vulnerabilities