CVE-2012-2364

Moodle <2.0.9-2.2.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.

References (2)

Scores

EPSS 0.0016
EPSS Percentile 36.5%

Classification

CWE
CWE-79
Status published

Affected Products (19)

moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 4 more

Timeline

Published Jul 21, 2012
Tracked Since Feb 18, 2026