Description

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

Remediation

References

CVE-2008-3326

Related Vulnerabilities

Jenkins Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-1003050)

WordPress 5.6.x Multiple Vulnerabilities (5.6 - 5.6.8)

WordPress Plugin Export Post Info CSV Injection (1.2.0)

WordPress Plugin WooCommerce Quick Reports Cross-Site Scripting (1.0.6)

OpenSSL Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') Vulnerability (CVE-2021-3711)

Severity

Low

Classification

CVE-2008-3326 CWE-707

Tags

Missing Update Known Vulnerabilities