CVE-2011-4286
Moodle 1.9.0-1.9.10 - Cross-Site Scripting via Media Filter Flash Video and YouTube Vectors
Title source: llmDescription
Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.
References (3)
Core 3
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2011/11/14/1
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f81bfd412c6b2e93a5b15711727d5cb7cc78336
Vendor Advisory x_refsource_confirm
http://moodle.org/mod/forum/discuss.php?d=170012
Scores
EPSS
0.0030
EPSS Percentile
53.1%
Details
CWE
CWE-79
Status
published
Products (13)
moodle/moodle
1.9.1
moodle/moodle
1.9.2
moodle/moodle
1.9.3
moodle/moodle
1.9.4
moodle/moodle
1.9.5
moodle/moodle
1.9.6
moodle/moodle
1.9.7
moodle/moodle
1.9.8
moodle/moodle
1.9.9
moodle/moodle
1.9.10
... and 3 more
Published
Jul 16, 2012
Tracked Since
Feb 18, 2026