Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-5336 - Vulnerability Database
Moodle

Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-5336

Medium
Reference: CVE-2015-5336
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-5336
Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11 2.7.x before 2.7.11 2.8.x before 2.8.9 and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.