Description
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
Remediation
References
Related Vulnerabilities
WordPress Plugin Slider by 10Web-Responsive Image Slider SQL Injection (1.2.35)
WordPress Plugin WP Canvas-Shortcodes Cross-Site Scripting (2.06)
Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2013-4938)
WordPress Plugin Advanced Order Export For WooCommerce CSV Injection (1.5.4)
Oracle HTTP Server CVE-2021-2480 Vulnerability (CVE-2021-2480)