Description

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

Remediation

References

CVE-2011-4282

Related Vulnerabilities

Plone CMS Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-1948)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-7295)

WordPress Plugin MailCWP Arbitrary File Upload (1.100)

IBM Lotus Domino web server Cross-Site Scripting vulnerabilities

WordPress Plugin Polldaddy Polls & Ratings Cross-Site Scripting (2.0.24)

Severity

Medium

Classification

CVE-2011-4282 CWE-707

Tags

Missing Update Known Vulnerabilities