Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-5337 - Vulnerability Database

Moodle

Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability - CVE-2015-5337

Medium

Reference: CVE-2015-5337

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2015-5337

Title: Moodle Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Overview:

Moodle through 2.6.11 2.7.x before 2.7.11 2.8.x before 2.8.9 and 2.9.x before 2.9.3 does not properly restrict the availability of Flowplayer which allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted .swf file.