Description
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
Remediation
References
Related Vulnerabilities
WordPress Plugin Integrator 'redirect_to' Parameter Cross-Site Scripting (1.32)
XWiki Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2023-34466)
WordPress Plugin Add Custom Link to WordPress Admin Bar Cross-Site Scripting (1.0)
WordPress Plugin Easy Forms for MailChimp Unspecified Vulnerability (6.3.11)