CVE-2006-4941
Moodle < 1.6.2 - Cross-Site Scripting via Choose and Sub Parameters
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
References (1)
Core 1
Core References
Various Sources x_refsource_confirm
http://docs.moodle.org/en/Release_notes#Moodle_1.6.2
Scores
EPSS
0.0030
EPSS Percentile
53.2%
Details
Status
published
Products (2)
moodle/moodle
1.6.0
moodle/moodle
< 1.6.1
Published
Sep 23, 2006
Tracked Since
Feb 18, 2026