MSA-12-0031: Cross-site scripting vulnerability in Wiki

MSA-12-0031: Cross-site scripting vulnerability in Wiki

by Michael de Raadt -
Number of replies: 0
Topic: Injection and XSS vulnerability in wiki through insufficient validation
Severity/Risk: Serious
Versions affected: 2.2 to 2.2.2+, 2.1 to 2.1.5+, 2.0 to 2.0.8+
Reported by: Sam Hemelryk
Issue no.: MDL-32018

CVE Identifier:

 CVE-2012-2360
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32018

Description:

It was possible to inject unfiltered HTML into a wiki page title.