Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20183)

Description

It was found in Moodle before version 3.10.1 that some search inputs were vulnerable to reflected XSS due to insufficient escaping of search queries.

Remediation

References

Related Vulnerabilities

WordPress Plugin WP Job Manager PHP Object Injection (1.31.2)

Jboss EAP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-4608)

SharePoint CVE-2023-21743 Vulnerability (CVE-2023-21743)

WordPress Plugin Bug Library Cross-Site Scripting (2.0.3)

Liferay Portal Cleartext Storage of Sensitive Information Vulnerability (CVE-2021-33323)

Severity

Medium

Classification

CVE-2021-20183 CWE-707 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities