Description

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.

Remediation

References

CVE-2012-2364

Related Vulnerabilities

WordPress Plugin rtMedia for WordPress, BuddyPress and bbPress SQL Injection (3.7.39)

Prototype CVE-2008-7220 Vulnerability (CVE-2008-7220)

Open Resty Uncontrolled Resource Consumption Vulnerability (CVE-2023-44487)

WordPress Plugin HDW Player (Video Player & Video Gallery) SQL Injection (2.4.2)

WordPress Plugin WooCommerce PayPal Checkout Payment Gateway Parameter Tampering (1.6.8)

Severity

Low

Classification

CVE-2012-2364 CWE-707

Tags

Missing Update Known Vulnerabilities