Description
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.
Remediation
References
Related Vulnerabilities
WordPress Plugin MoodThingy Mood Rating Widget SQL Injection (0.9.1)
MySQL CVE-2012-0120 Vulnerability (CVE-2012-0120)
Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)
WordPress Plugin Google Analytics by BestWebSoft Cross-Site Scripting (1.7.0)
Oracle Database Server CVE-2011-2322 Vulnerability (CVE-2011-2322)