Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7830)

Description

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

Remediation

References

Related Vulnerabilities

WordPress Plugin Google Captcha (reCAPTCHA) by BestWebSoft Cross-Site Scripting (1.27)

WordPress Plugin Matrix Gallery 'upload.php' Arbitrary File Upload (2.1)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-3543)

WordPress Plugin Art-Picture-Gallery Arbitrary File Upload (1.2.9)

WordPress Plugin Blog2Social:Social Media Auto Post & Scheduler Security Bypass (6.9.11)

Severity

Low

Classification

CVE-2014-7830 CWE-707

Tags

Missing Update Known Vulnerabilities