CVE-2011-4280

Spike PHPCoverage <2.0.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Exploits (1)

exploitdb WRITEUP VERIFIED

by AutoSec Tools · textwebappsphp

https://www.exploit-db.com/exploits/35297

View Code ZIP pw:eip

References (3)

[Patch] http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=bd654f0ced8af925c27b7c94321f0c299b50b38e

[Vendor Advisory] http://moodle.org/mod/forum/discuss.php?d=170005

[Mailing List] http://openwall.com/lists/oss-security/2011/11/14/1

Scores

EPSS 0.0197

EPSS Percentile 83.6%

Details

CWE

CWE-79

Status published

Products (4)

moodle/moodle 2.0.0

moodle/moodle 2.0.1

moodle/moodle 2.0 - 2.0.2Packagist

nimish_pachapurkar/spike_phpcoverage

Published Jul 16, 2012

Tracked Since Feb 18, 2026