Description
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
Remediation
References
Related Vulnerabilities
Moodle Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2008-3327)
WordPress Plugin vSlider Multi Image Slider for WordPress Multiple Vulnerabilities (4.1.2)
Drupal Core 8.8.x Cross-Site Request Forgery (8.8.0 - 8.8.7)
MathJax Inefficient Regular Expression Complexity Vulnerability (CVE-2023-39663)
Moodle Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-6103)