Description

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.

Remediation

References

CVE-2014-3551

Related Vulnerabilities

WordPress Plugin Photoracer Multiple Cross-Site Scripting and SQL Injection Vulnerabilities (1.0)

WordPress Plugin Alpine PhotoTile for Instagram Cross-Site Scripting (1.2.7.7)

WordPress Plugin Gallery-Video Gallery and Youtube Gallery Multiple Vulnerabilities (2.0.3)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4198)

WordPress Plugin Form Maker by 10Web-Mobile-Friendly Drag & Drop Contact Form Builder Security Bypass (1.7.14)

Severity

Low

Classification

CVE-2014-3551 CWE-707

Tags

Missing Update Known Vulnerabilities