WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2012-2361)

Description

Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.

Remediation

References

Related Vulnerabilities

WordPress Plugin Embed Any Document-Embed PDF, Word, PowerPoint and Excel Files Cross-Site Scripting (2.7.1)

WordPress Plugin Tinymce Thumbnail Gallery 'href' Parameter Information Disclosure (1.0.7)

PHP Out-of-bounds Read Vulnerability (CVE-2020-7064)

osTicket Improper Validation of Specified Quantity in Input Vulnerability (CVE-2023-30082)

WordPress Ultimate Member Plugin Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2023-31216)

Severity

Low

Classification

CVE-2012-2361 CWE-707

Tags

Missing Update Known Vulnerabilities