Description

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.

Remediation

References

CVE-2014-3548

Related Vulnerabilities

Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-3850)

WordPress Plugin News Element Elementor Blog Magazine Local File Inclusion (1.0.5)

phpList Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-12639)

WordPress Plugin Advanced Ads-Ad Manager & AdSense Cross-Site Scripting (1.17.3)

MediaWiki Exposure of Resource to Wrong Sphere Vulnerability (CVE-2017-0367)

Severity

Medium

Classification

CVE-2014-3548 CWE-707

Tags

Missing Update Known Vulnerabilities