Description

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.

Remediation

References

CVE-2014-3551

Related Vulnerabilities

Oracle Database Server CVE-2008-0341 Vulnerability (CVE-2008-0341)

PHP-Fusion Authentication Bypass by Capture-replay Vulnerability (CVE-2020-23178)

WordPress Plugin Awesome Support-WordPress HelpDesk & Support Unspecified Vulnerability (6.0.7)

Jenkins Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-21692)

WordPress Plugin Booster Plus for WooCommerce Multiple Cross-Site Request Forgery Vulnerabilities (6.0.0)

Severity

Low

Classification

CVE-2014-3551 CWE-707

Tags

Missing Update Known Vulnerabilities