Description

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.

Remediation

References

CVE-2014-3549

Related Vulnerabilities

WordPress Plugin WP Keyword Link Multiple Cross-Site Scripting Vulnerabilities (1.7)

Joomla! Core 3.x.x Cross-Site Scripting (3.1.2 - 3.2.2)

WordPress Plugin Advanced Import:One Click Import for WordPress or Theme Demo Data Cross-Site Request Forgery (1.3.7)

phpMyFAQ Other Vulnerability (CVE-2004-2257)

Zenphoto Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2020-36079)

Severity

Medium

Classification

CVE-2014-3549 CWE-707

Tags

Missing Update Known Vulnerabilities