Description

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Remediation

References

CVE-2011-4280

Related Vulnerabilities

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-3948)

WordPress Plugin Justified Gallery Cross-Site Scripting (1.7.0)

WordPress Plugin 404 to 301-Redirect, Log and Notify 404 Errors Cross-Site Request Forgery (3.0.8)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-2359)

Apache HTTP Server Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2007-6420)

Severity

Medium

Classification

CVE-2011-4280 CWE-707

Tags

Missing Update Known Vulnerabilities