Description

Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.

Remediation

References

CVE-2006-4941

Related Vulnerabilities

WordPress Plugin Portfolio Gallery-Photo Gallery Multiple Unspecified Vulnerabilities (2.0.72)

Liferay DXP Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-38901)

WordPress Plugin The Plus Addons for Elementor Security Bypass (4.1.6)

WordPress Plugin Import XML and RSS Feeds Arbitrary File Upload (2.1.3)

WordPress Plugin Convert Docx2post Arbitrary File Upload (1.4)

Severity

Medium

Classification

CVE-2006-4941

Tags

Missing Update Known Vulnerabilities