Description

Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.

Remediation

References

CVE-2015-3275

Related Vulnerabilities

WordPress Plugin Duplicate Post Cross-Site Scripting (2.6)

WordPress Plugin Connections Business Directory CSV Injection (9.6)

WordPress Plugin Ultimate SMS Notifications for WooCommerce CSV Injection (1.4.1)

WordPress Plugin MM Forms Community 'edit_details.php' SQL Injection (1.2.3)

WordPress Plugin Content Blocks (Custom Post Widget) Cross-Site Scripting (3.0)

Severity

Medium

Classification

CVE-2015-3275 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities