CVE-2011-4286

Moodle <2.0.2 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.

References (3)

[Patch] http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=8f81bfd412c6b2e93a5b15711727d5cb7cc78336

[Vendor Advisory] http://moodle.org/mod/forum/discuss.php?d=170012

[Mailing List] http://openwall.com/lists/oss-security/2011/11/14/1

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status published

Affected Products (14)

moodle/moodle

moodle/moodle < 1.9.11Packagist

n/a/n/a

Timeline

Published Jul 16, 2012

Tracked Since Feb 18, 2026