Description
A vulnerability was found in Moodle. It exists due to insufficient sanitization of user-supplied data in some returnurl parameters. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website. This flaw allows a remote attacker to perform cross-site scripting (XSS) attacks.
Remediation
References