CVE-2011-4282

Moodle 2.0.x <2.0.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.

References (3)

[Patch] http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=73de6fa06f6923278950a445bd69b3fbc1e518d2

[Vendor Advisory] http://moodle.org/mod/forum/discuss.php?d=170008

[Mailing List] http://openwall.com/lists/oss-security/2011/11/14/1

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status published

Affected Products (4)

moodle/moodle

moodle/moodle < 2.0.2Packagist

n/a/n/a

Timeline

Published Jul 16, 2012

Tracked Since Feb 18, 2026