CVE-2012-2361
Moodle 2.0.x-2.0.8, 2.1.x-2.1.5, 2.2.x-2.2.2 - Authenticated Cross-Site Scripting via Web Service Name Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
References (2)
Core 2
Core References
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/05/23/2
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31694
Scores
EPSS
0.0016
EPSS Percentile
36.3%
Details
CWE
CWE-79
Status
published
Products (18)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.2
moodle/moodle
2.0.3
moodle/moodle
2.0.4
moodle/moodle
2.0.5
moodle/moodle
2.0.6
moodle/moodle
2.0.7
moodle/moodle
2.0.8
moodle/moodle
2.1.0
... and 8 more
Published
Jul 21, 2012
Tracked Since
Feb 18, 2026