Description

Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.

Remediation

References

CVE-2015-0212

Related Vulnerabilities

WordPress Plugin WebLibrarian Multiple Unspecified Vulnerabilities (2.6.3.1)

Oracle Database Server CVE-2007-5512 Vulnerability (CVE-2007-5512)

WordPress Plugin RSVP and Event Management Cross-Site Scripting (2.3.7)

WordPress Plugin Registration Forms-User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Open Redirect (3.7.2.3)

WordPress Plugin Contact Form 7 Integrations Multiple Cross-Site Scripting Vulnerabilities (1.3.10)

Severity

Low

Classification

CVE-2015-0212 CWE-707

Tags

Missing Update Known Vulnerabilities