Description

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

Remediation

References

CVE-2015-0212

Related Vulnerabilities

Missing Authentication Check in SAP Solution Manager

PHP Deserialization of Untrusted Data Vulnerability (CVE-2007-1701)

Drupal Core 8.8.x Multiple Cross-Site Scripting Vulnerabilities (8.8.0 - 8.8.9)

WebLogic Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-11771)

LimeSurvey Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-5016)

Severity

Low

Classification

CVE-2015-0212 CWE-707

Tags

Missing Update Known Vulnerabilities