Description
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
Remediation
References
Related Vulnerabilities
OpenSSL Out-of-bounds Read Vulnerability (CVE-2016-6306)
WordPress Plugin User Role Editor Security Bypass (4.24)
WordPress Plugin Order XML File Export Import for WooCommerce Cross-Site Request Forgery (1.3.0)
WordPress Plugin Giveaway Boost PHP Object Injection (2.1.2)
WordPress Plugin Akeeba Backup CORE for WordPress Arbitrary File Upload (1.1.3)