Description

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.

Remediation

References

CVE-2012-3389

Related Vulnerabilities

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4196)

osTicket CVE-2018-7195 Vulnerability (CVE-2018-7195)

IBM RTC Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-0325)

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2021-32472)

Django Permissions, Privileges, and Access Controls Vulnerability (CVE-2014-0483)

Severity

Medium

Classification

CVE-2012-3389 CWE-707

Tags

Missing Update Known Vulnerabilities