Description
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP-Filebase Download Manager Multiple Unspecified Vulnerabilities (0.2.9.24)
Oracle Database Server Other Vulnerability (CVE-2007-3857)
WordPress Plugin Image Photo Gallery Final Tiles Grid Security Bypass (3.3.52)
SharePoint Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2019-1443)