Description

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

Remediation

References

CVE-2010-2228

Related Vulnerabilities

Ruby on Rails Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2008-5189)

PHP-Fusion Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-23184)

WordPress Plugin WP Import Export Lite Information Disclosure (3.9.15)

WordPress Plugin Bulk Delete Privilege Escalation (5.5.3)

WordPress 4.9.x Multiple Vulnerabilities (4.9 - 4.9.13)

Severity

Medium

Classification

CVE-2010-2228 CWE-707

Tags

Missing Update Known Vulnerabilities