WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-9059)

Description

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

Remediation

References

Related Vulnerabilities

Liferay Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2020-28884)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5336)

phpMyAdmin CVE-2019-6799 Vulnerability (CVE-2019-6799)

MediaWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-1817)

WordPress Plugin Plug your WooCommerce into the largest catalog of customized print products from Helloprint Cross-Site Scripting (1.4.6)

Severity

Medium

Classification

CVE-2014-9059 CWE-707

Tags

Missing Update Known Vulnerabilities