CVE-2012-2361

Moodle <2.0.9-2.2.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.

References (2)

Scores

EPSS 0.0016
EPSS Percentile 36.5%

Classification

CWE
CWE-79
Status published

Affected Products (19)

moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 4 more

Timeline

Published Jul 21, 2012
Tracked Since Feb 18, 2026