Description

Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.

Remediation

References

CVE-2011-4591

Related Vulnerabilities

PHP Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2016-7480)

WordPress Plugin AdRotate-Ad manager & AdSense Ads SQL Injection (5.8.3.1)

Drupal Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-2983)

WordPress Plugin Spam protection, AntiSpam, FireWall by CleanTalk SQL Injection (5.185)

WordPress Plugin Auto Featured Image Arbitrary File Upload (1.2)

Severity

Medium

Classification

CVE-2011-4591 CWE-707

Tags

Missing Update Known Vulnerabilities