Description
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
Remediation
References
Related Vulnerabilities
WordPress 3.3.2 Multiple Vulnerabilities (3.3 - 3.3.2)
WordPress Plugin Contact Bank-Contact Form Builder for WordPress Cross-Site Scripting (2.0.225)
WordPress Plugin RSVPMaker for Toastmasters Cross-Site Request Forgery (3.3.4)
OpenSSL Cryptographic Issues Vulnerability (CVE-2011-5095)
WordPress Plugin Recommend to a friend Cross-Site Scripting (2.0.2)