Description
The vulnerability was found in Moodle and exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
Remediation
References
Related Vulnerabilities
Mailman CVE-2006-2941 Vulnerability (CVE-2006-2941)
MediaWiki Other Vulnerability (CVE-2004-2186)
Apache HTTP Server Permissions, Privileges, and Access Controls Vulnerability (CVE-2015-3185)
WordPress Plugin WooCommerce Amazon Affiliates Multiple Vulnerabilities (8.0)
WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.0)