4 matches found
CVE-2021-47857
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...
CVE-2021-47857 Moodle 3.10.3 - 'label' Persistent Cross Site Scripting
Moodle 3.10.3 contains a persistent cross-site scripting vulnerability in the calendar event subtitle field that allows attackers to inject malicious scripts. Attackers can craft a calendar event with malicious JavaScript in the subtitle track label to execute arbitrary code when users view the...
WordPress EventON plugin < 2.2.15 - Admin+ Stored Cross-Site Scripting via event subtitle vulnerability
Admin+ Stored Cross-Site Scripting via event subtitle vulnerability discovered by Felipe Caon in WordPress Plugin EventON versions 2.2.15...
PT-2026-3809
Name of the Vulnerable Software and Affected Versions Moodle versions prior to 3.10.4 Description A security issue exists in Moodle related to insufficient protection of the web page structure within the calendar event subtitle field. Successful exploitation of this issue could allow a remote...