Description

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

Remediation

References

CVE-2014-7830

Related Vulnerabilities

TYPO3 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2012-6144)

WordPress Plugin Coming Soon Page & Maintenance Mode Cross-Site Scripting (1.8.1)

WordPress Plugin GD Rating System Unspecified Vulnerability (2.6)

WordPress Plugin Float to Top Button Cross-Site Scripting (2.3.6)

phpMyFAQ Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2017-15728)

Severity

Low

Classification

CVE-2014-7830 CWE-707

Tags

Missing Update Known Vulnerabilities