Moodle : Security Vulnerabilities, CVEs, Published In 2012 (XSS)

CVE-2012-3396

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
Max CVSS
3.5
EPSS Score
0.13%
Published
2012-07-23
Updated
2023-02-13

CVE-2012-3393

Cross-site scripting (XSS) vulnerability in repository/lib.php in Moodle 2.1.x before 2.1.7 and 2.2.x before 2.2.4 allows remote authenticated administrators to inject arbitrary web script or HTML by renaming a repository.
Max CVSS
3.5
EPSS Score
0.13%
Published
2012-07-23
Updated
2020-12-01

CVE-2012-3389

Multiple cross-site scripting (XSS) vulnerabilities in mod/lti/typessettings.php in Moodle 2.2.x before 2.2.4 and 2.3.x before 2.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) lti_typename or (2) lti_toolurl parameter.
Max CVSS
4.3
EPSS Score
0.25%
Published
2012-07-23
Updated
2020-12-01

CVE-2012-2365

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.
Max CVSS
3.5
EPSS Score
0.12%
Published
2012-07-21
Updated
2020-12-01

CVE-2012-2364

Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a "download all" action.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-07-21
Updated
2023-02-13

CVE-2012-2362

Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.
Max CVSS
2.6
EPSS Score
0.22%
Published
2012-07-21
Updated
2023-02-13

CVE-2012-2361

Cross-site scripting (XSS) vulnerability in admin/webservice/forms.php in the web services implementation in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the name field (aka the service name) to admin/webservice/service.php.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-07-21
Updated
2020-12-01

CVE-2012-2360

Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via a crafted string that is inserted into a page title.
Max CVSS
3.5
EPSS Score
0.07%
Published
2012-07-21
Updated
2020-12-01

CVE-2011-4591

Cross-site scripting (XSS) vulnerability in the print_object function in lib/datalib.php in Moodle 2.0.x before 2.0.6 and 2.1.x before 2.1.3, when a developer debugging script is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors involving object states.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-20
Updated
2023-02-13

CVE-2011-4307

Cross-site scripting (XSS) vulnerability in mod/wiki/lang/en/wiki.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the section parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-11
Updated
2023-02-13

CVE-2011-4306

Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-11
Updated
2023-02-13

CVE-2011-4299

Cross-site scripting (XSS) vulnerability in mod/wiki/pagelib.php in Moodle 2.0.x before 2.0.5 and 2.1.x before 2.1.2 allows remote authenticated users to inject arbitrary web script or HTML via a wiki comment.
Max CVSS
4.3
EPSS Score
0.13%
Published
2012-07-11
Updated
2020-12-01

CVE-2011-4290

Multiple cross-site scripting (XSS) vulnerabilities in lib/weblib.php in Moodle 1.9.x before 1.9.12 allow remote attackers to inject arbitrary web script or HTML via vectors related to URL encoding.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-16
Updated
2023-02-13

CVE-2011-4286

Multiple cross-site scripting (XSS) vulnerabilities in the media-filter implementation in filter/mediaplugin/filter.php in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) Flash Video (aka FLV) files and (2) YouTube videos.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-16
Updated
2020-12-01

CVE-2011-4282

Multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality in tag/coursetags_more.php in Moodle 2.0.x before 2.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) sort or (2) show parameter.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-16
Updated
2020-12-01

CVE-2011-4280

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.18%
Published
2012-07-16
Updated
2020-12-01

CVE-2011-4278

Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Max CVSS
4.3
EPSS Score
0.19%
Published
2012-07-16
Updated
2020-12-01
17 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close