Description
A reflected cross-site scripting vulnerability was discovered in Moodle. This flaw exists due to insufficient sanitization of user-supplied data in policy tool. An attacker can trick the victim to open a specially crafted link that executes an arbitrary HTML and script code in user's browser in context of vulnerable website. This vulnerability may allow an attacker to perform cross-site scripting (XSS) attacks to gain access potentially sensitive information and modification of web pages.
Remediation
References
Related Vulnerabilities
Joomla! Core 1.6.x Information Disclosure (1.6.0 - 1.6.3)
WordPress Plugin W4 Post List Cross-Site Scripting (2.4.4)
Oracle Database Server CVE-2009-1021 Vulnerability (CVE-2009-1021)
Ruby on Rails Improper Input Validation Vulnerability (CVE-2013-1854)
WordPress Plugin Admin Menu Tree Page View Multiple Vulnerabilities (2.6.9)