Description

Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.

Remediation

References

CVE-2011-4591

Related Vulnerabilities

WordPress Plugin UpdraftPlus WordPress Backup Security Bypass (1.9.50)

WordPress Plugin wp-microblogs Cross-Site Scripting (0.4.0)

Atlassian Jira Incorrect Behavior Order: Validate Before Canonicalize Vulnerability (CVE-2022-26137)

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7134)

Python Incorrect Type Conversion or Cast Vulnerability (CVE-2020-10735)

Severity

Medium

Classification

CVE-2011-4591 CWE-707

Tags

Missing Update Known Vulnerabilities