Description

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

Remediation

References

CVE-2014-3544

Related Vulnerabilities

Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-3327)

WordPress Plugin vSlider Multi Image Slider for WordPress Multiple Vulnerabilities (4.1.2)

Drupal Core 8.8.x Cross-Site Request Forgery (8.8.0 - 8.8.7)

MathJax Inefficient Regular Expression Complexity Vulnerability (CVE-2023-39663)

Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6103)

Severity

Low

Classification

CVE-2014-3544 CWE-707

Tags

Missing Update Known Vulnerabilities