Description
Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.
Remediation
References
Related Vulnerabilities
Jenkins Missing Authorization Vulnerability (CVE-2021-21685)
WordPress Plugin WP Maps-Display Google Maps Perfectly with Ease SQL Injection (4.1.4)
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2013-2243)
WordPress Plugin Gravity Forms Directory Cross-Site Scripting (3.7.1)