Description
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.
Remediation
References
Related Vulnerabilities
WebLogic CVE-2018-2998 Vulnerability (CVE-2018-2998)
PostgreSQL Permissions, Privileges, and Access Controls Vulnerability (CVE-2016-0766)
WordPress Plugin Share Buttons by AddThis Cross-Site Scripting (5.0.12)
Moodle Configuration Vulnerability (CVE-2011-4585)
PHP Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2014-5459)