Moodle XSS Vulnerability
Low severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated Jan 25, 2024
Package
Affected versions
<= 2.5.9
>= 2.6.0, < 2.6.9
>= 2.7.0, < 2.7.6
>= 2.8.0, < 2.8.4
Patched versions
2.6.9
2.7.6
2.8.4
Description
Published by the National Vulnerability Database
Jun 1, 2015
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
Aug 1, 2023
Last updated
Jan 25, 2024
Credits
-
MarkLee131 Analyst
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
References