Description

Multiple cross-site scripting (XSS) vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted (1) error or (2) success message for a scheduled task.

Remediation

References

CVE-2014-3550

Related Vulnerabilities

WordPress Other Vulnerability (CVE-2007-3543)

WordPress Plugin User Role Editor Cross-Site Request Forgery (3.12)

WordPress Plugin WP No External Links Cross-Site Scripting (3.5.18)

Phusion Passenger Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12026)

Jenkins Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2015-5317)

Severity

Medium

Classification

CVE-2014-3550 CWE-707

Tags

Missing Update Known Vulnerabilities