Description

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.

Remediation

References

CVE-2016-2153

Related Vulnerabilities

datatables Cross-site Scripting (XSS) Vulnerability (CVE-2015-6584)

WordPress Plugin Community by PeepSo-Social Network, Membership, Registration, User Profiles Multiple Vulnerabilities (1.11.5)

WordPress Plugin WordPress File Upload Multiple Vulnerabilities (2.7.6)

e107 Permissions, Privileges, and Access Controls Vulnerability (CVE-2010-2099)

WordPress Permissions, Privileges, and Access Controls Vulnerability (CVE-2009-2432)

Severity

Medium

Classification

CVE-2016-2153 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities