CVE-2011-4306

Moodle 1.9.x <1.9.14 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.

References (3)

[Patch] http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15

[Vendor Advisory] http://moodle.org/mod/forum/discuss.php?d=188319

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=747444

Scores

EPSS 0.0030

EPSS Percentile 52.7%

Classification

CWE

CWE-79

Status published

Affected Products (15)

moodle/moodle

moodle/moodle < 1.9.14Packagist

n/a/n/a

Timeline

Published Jul 11, 2012

Tracked Since Feb 18, 2026