Description
A flaw was found in Moodle in versions 3.11 to 3.11.3, 3.10 to 3.10.7, 3.9 to 3.9.10 and earlier unsupported versions. A URL parameter in the filetype site administrator tool required extra sanitizing to prevent a reflected XSS risk.
Remediation
References
Related Vulnerabilities
WordPress Plugin Answer My Question Multiple Cross-Site Scripting Vulnerabilities (1.1)
Joomla Improper Input Validation Vulnerability (CVE-2015-8562)
WordPress Plugin WooCommerce Cross-Seller Unspecified Vulnerability (1.0.2)
WordPress Plugin Snazzy Maps Multiple Cross-Site Scripting Vulnerabilities (1.1.3)