Description

In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.

Remediation

References

CVE-2017-7298

Related Vulnerabilities

Drupal Core 7.x Arbitrary File Overwrite (7.0 - 7.77)

Oracle JRE CVE-2013-1484 Vulnerability (CVE-2013-1484)

OpenSSL NULL Pointer Dereference Vulnerability (CVE-2009-1387)

Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)

Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)

Severity

Medium

Classification

CVE-2017-7298 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities