Description

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

Remediation

References

CVE-2014-7830

Related Vulnerabilities

WordPress Plugin MoodThingy Mood Rating Widget SQL Injection (0.9.1)

MySQL CVE-2012-0120 Vulnerability (CVE-2012-0120)

Grafana URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2022-29170)

WordPress Plugin Google Analytics by BestWebSoft Cross-Site Scripting (1.7.0)

Oracle Database Server CVE-2011-2322 Vulnerability (CVE-2011-2322)

Severity

Low

Classification

CVE-2014-7830 CWE-707

Tags

Missing Update Known Vulnerabilities