Description In Moodle 3.x, there is XSS via a calendar event name. Remediation References CVE-2018-1045 Related Vulnerabilities Liferay Portal Incorrect Default Permissions Vulnerability (CVE-2021-29052) MyBB Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') Vulnerability (CVE-2008-3965) OpenSSL Missing Encryption of Sensitive Data Vulnerability (CVE-2019-1563) PHP Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') Vulnerability (CVE-2016-7125) WordPress Plugin Modern Events Calendar Lite Multiple Vulnerabilities (5.16.2) Severity Medium Classification CVE-2018-1045 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Tags Missing Update Known Vulnerabilities