29 matches found
CVE-2015-3344
Cross-site scripting XSS vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
Cross site scripting
Cross-site scripting XSS vulnerability in the Course module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via a node title...
CVE-2015-3344
The CVE-2015-3344 issue affects the Drupal Course module (versions 6.x-1.x prior to 6.x-1.2 and 7.x-1.x prior to 7.x-1.4). The underlying problem is insufficient filtering of node title displays, enabling remote authenticated users to inject arbitrary script/HTML via a node title (XSS). Affected ...
SA-CONTRIB-2015-002 - Course - Cross Site Scripting (XSS)
Course module enables you to create e-learning courses with any number of requirements for completion. The module doesn't sufficiently filter node title displays when being used in a course. This vulnerability is mitigated by the fact that an attacker must have a role with the permission to creat...
CVE-2013-6267
Multiple cross-site scripting XSS vulnerabilities in Claroline before 1.11.9 allow remote attackers to inject arbitrary web script or HTML via the 1 box parameter to messaging/messagebox.php, cidToEdit parameter to 2 adminregisteruser.php or 3 adminusercoursesettings.php in admin/, 4 moduleid...
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors...
CVE-2006-4936
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object. Affects Moodle prior to 1.6.2; underlying cause is improper validation. Impact is described as unspecified, with remote attack vectors mentioned in the provided materials; no remediation de...