Description

CRLF injection vulnerability in calendar/set.php in the Calendar subsystem in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, and 2.1.x before 2.1.3 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via unspecified vectors.

Remediation

References

CVE-2011-4586

Related Vulnerabilities

Collabtive Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-8935)

WordPress Plugin Random Banner Cross-Site Scripting (1.1.2.1)

Trac CVE-2009-4405 Vulnerability (CVE-2009-4405)

WordPress Plugin Contact Form DB-Elementor Cross-Site Scripting (1.7)

WordPress Plugin Alert Before Your Post Cross-Site Scripting (0.1.1)

Severity

Medium

Classification

CVE-2011-4586

Tags

Missing Update Known Vulnerabilities