Description

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

Remediation

References

CVE-2011-4282

Related Vulnerabilities

Squid Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2013-0189)

Plone CMS Improper Restriction of XML External Entity Reference Vulnerability (CVE-2020-28734)

WordPress Plugin All-In-One Security (AIOS)-Security and Firewall Cross-Site Scripting (4.1.9)

WordPress Plugin Popup Maker-Popup for opt-ins, lead gen, & more Cross-Site Scripting (1.6.4)

ATutor Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-12170)

Severity

Medium

Classification

CVE-2011-4282 CWE-707

Tags

Missing Update Known Vulnerabilities