CVE-2012-2365
Moodle 2.0.x-2.0.9, 2.1.x-2.1.6, 2.2.x-2.2.3 - Authenticated Cross-Site Scripting via Cohort ID Number Field
Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
References (4)
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2012/05/23/2
Various Sources (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=203055
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/82072
Scores
EPSS: 0.0018
EPSS Percentile: 39.1%
Details
CWE: CWE-79
Status: published
Products (18)
moodle/moodle 2.0.0
moodle/moodle 2.0.1
moodle/moodle 2.0.2
moodle/moodle 2.0.3
moodle/moodle 2.0.4
moodle/moodle 2.0.5
moodle/moodle 2.0.6
moodle/moodle 2.0.7
moodle/moodle 2.0.8
moodle/moodle 2.1.0
... and 8 more
Published: Jul 21, 2012
Tracked Since: Feb 18, 2026