Description

Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

Remediation

References

CVE-2004-1424

Related Vulnerabilities

Drupal Core 4.7.x Arbitrary Code Execution (4.7.0)

WordPress Plugin AccessPress Social Share includes Backdoor [Only if downloaded via the vendor website] (4.5.5)

PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-7125)

Jenkins Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2020-2102)

WordPress Plugin Disable Comments Cross-Site Scripting (1.3)

Severity

Medium

Classification

CVE-2004-1424 CWE-707

Tags

Missing Update Known Vulnerabilities