Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2012-2364
Reference:
CVE-2012-2364
Title:
Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Overview:
Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression leading to text/html rendering during a quotdownload allquot action.