CVE-2012-2360
Moodle 2.0.x-2.0.8, 2.1.x-2.1.5, 2.2.x-2.2.2 - Authenticated Cross-Site Scripting via Wiki Page Title
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/05/23/2
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32018
Scores
EPSS
0.0016
EPSS Percentile
36.3%
Details
CWE
CWE-79
Status
published
Products (18)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.2
moodle/moodle
2.0.3
moodle/moodle
2.0.4
moodle/moodle
2.0.5
moodle/moodle
2.0.6
moodle/moodle
2.0.7
moodle/moodle
2.0.8
moodle/moodle
2.1.0
... and 8 more
Published
Jul 21, 2012
Tracked Since
Feb 18, 2026