Multiple cross-site scripting (XSS) vulnerabilities in Moodle prior to 1.6.2 might allow remote malicious users to inject arbitrary web script or HTML via (1) the choose parameter in files/index.php and (2) the sub parameter in doc/index.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 1.6.0 |
||
moodle moodle |