Description
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.
Remediation
References
Related Vulnerabilities
WordPress Plugin Haiku minimalist audio player Cross-Site Scripting (1.0.0)
WordPress Plugin File Manager Multiple Vulnerabilities (4.8)
WordPress Plugin Amelia-Events & Appointments Booking Calendar Cross-Site Scripting (1.0.46)
Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-1468)