Description

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

Remediation

References

CVE-2008-5432

Related Vulnerabilities

WordPress Plugin Spider Calendar Cross-Site Scripting and SQL Injection Vulnerabilities (1.0.1)

WordPress 3.9.x Multiple Vulnerabilities (3.9 - 3.9.25)

Moodle Weak Password Recovery Mechanism for Forgotten Password Vulnerability (CVE-2016-7038)

Joomla! Core 3.x.x Security Bypass (3.0.0 - 3.4.4)

WordPress 2.0.1 Denial of Service Vulnerability (0.6.2 - 2.0.1)

Severity

Medium

Classification

CVE-2008-5432 CWE-707

Tags

Missing Update Known Vulnerabilities