Description

Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.

Remediation

References

CVE-2006-4941

Related Vulnerabilities

e107 Other Vulnerability (CVE-2006-0682)

Drupal Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-0826)

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2016-0725)

Ruby Other Vulnerability (CVE-2014-8080)

WordPress Plugin Instagram Feed Unspecified Vulnerability (1.10.2)

Severity

Medium

Classification

CVE-2006-4941

Tags

Missing Update Known Vulnerabilities