Description
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
Remediation
References
Related Vulnerabilities
Python Other Vulnerability (CVE-2016-3189)
WordPress Plugin leads5050-visitor-insights Security Bypass (1.0.5)
PHP Other Vulnerability (CVE-2005-3353)
Nexus Repository Manager Use of Hard-coded Credentials Vulnerability (CVE-2024-5764)
WordPress Plugin Fusion:Extension-Menu Multiple Unspecified Vulnerabilities (1.0.2)