CVE-2012-3389
Moodle - XSS
Title source: ruleDescription
Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
References (5)
Scores
EPSS
0.0029
EPSS Percentile
52.5%
Classification
CWE
CWE-79
Status
published
Affected Products (6)
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
n/a/n/a
Timeline
Published
Jul 23, 2012
Tracked Since
Feb 18, 2026