Description
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.
Remediation
References
Related Vulnerabilities
PostgreSQL Improper Certificate Validation Vulnerability (CVE-2021-43766)
WordPress Plugin WP Widget Cache Cross-Site Scripting (0.26)
WordPress Plugin IP Blacklist Cloud Arbitrary File Disclosure (3.42)
PHP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2007-2748)
Jenkins Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-1810)