Description

Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.

Remediation

References

CVE-2014-3549

Related Vulnerabilities

WordPress Plugin Haiku minimalist audio player Cross-Site Scripting (1.0.0)

IBM RTC Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') Vulnerability (CVE-2016-0325)

WordPress Plugin File Manager Multiple Vulnerabilities (4.8)

WordPress Plugin Amelia-Events & Appointments Booking Calendar Cross-Site Scripting (1.0.46)

Piwigo Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2013-1468)

Severity

Medium

Classification

CVE-2014-3549 CWE-707

Tags

Missing Update Known Vulnerabilities