Description

Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.

Remediation

References

CVE-2014-3547

Related Vulnerabilities

WordPress Plugin Booking Calendar SQL Injection (8.4.4)

PHP Other Vulnerability (CVE-2007-1522)

WordPress Plugin Product Catalog X Cross-Site Request Forgery (1.5.12)

PHP Out-of-bounds Read Vulnerability (CVE-2017-9227)

WordPress Plugin Download Monitor Cross-Site Scripting (3.3.6.1)

Severity

Medium

Classification

CVE-2014-3547 CWE-707

Tags

Missing Update Known Vulnerabilities