Description
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 does not ensure that a file upload is for a private or draft area, which allows remote authenticated users to upload files containing JavaScript, and consequently conduct cross-site scripting (XSS) attacks, by specifying the profile-picture area.
Remediation
References
Related Vulnerabilities
WordPress Plugin Facebook Photo Fetcher Unspecified Vulnerability (2.1.17)
WordPress Plugin WassUp Real Time Analytics 'spy.php' SQL Injection (1.4.3)
TCExam Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2011-3806)
ownCloud Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-9044)