Description

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.

Remediation

References

CVE-2014-3549

Related Vulnerabilities

WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease Multiple Cross-Site Scripting Vulnerabilities (2.3.9)

WordPress Plugin Custom Fields Search by BestWebSoft Cross-Site Scripting (1.3.1)

Atlassian Confluence Server-Side Request Forgery (SSRF) Vulnerability (CVE-2021-26072)

WordPress Plugin Events Made Easy Multiple Vulnerabilities (1.5.49)

MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5615)

Severity

Medium

Classification

CVE-2014-3549 CWE-707

Tags

Missing Update Known Vulnerabilities