Description

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.

Remediation

References

CVE-2009-0500

Related Vulnerabilities

WordPress 4.0.x Cross-Site Request Forgery (4.0 - 4.0.25)

WordPress Plugin WordPress Infinite Scroll-Ajax Load More Cross-Site Scripting (5.6.0.2)

Drupal Core 4.6.x Arbitrary Code Execution (4.6.0 - 4.6.7)

WordPress Plugin VideoWhisper Video Presentation 'vw_upload.php' Arbitrary File Upload (3.17)

WordPress Plugin Cherry Multiple Vulnerabilities (1.2.6)

Severity

Medium

Classification

CVE-2009-0500 CWE-707

Tags

Missing Update Known Vulnerabilities