Description

Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.

Remediation

References

CVE-2011-4306

Related Vulnerabilities

WordPress Plugin Event Single Page Templates Addon For The Events Calendar Security Bypass (1.5)

WordPress Plugin Mingle Forum SQL Injection and Security Bypass Vulnerabilities (1.0.26)

WordPress Plugin Easy Career Openings Cross-Site Scripting (0.4)

WordPress Plugin TRADIES Information Disclosure (2.2.6)

PHP Other Vulnerability (CVE-2005-3391)

Severity

Medium

Classification

CVE-2011-4306 CWE-707

Tags

Missing Update Known Vulnerabilities