First published: Sat Sep 23 2006(Updated: )
Multiple cross-site scripting (XSS) vulnerabilities in Moodle before 1.6.2 might allow remote attackers to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | <=1.6.1 | |
Moodle Moodle | =1.6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.