Moodle is susceptible to cross-site scripting (XSS) attacks because the parameter passed to blog/index.php is not properly sanitized. This allows attackers to inject arbitrary web script or HTML through that parameter when Internet Explorer is used.
git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8
openwall.com/lists/oss-security/2012/05/23/2
osvdb.org/82069
github.com/moodle/moodle/commit/038131c8b5614f18c14d964dc53b6960ae6c30d8
moodle.org/mod/forum/discuss.php?d=203052
security-tracker.debian.org/tracker/CVE-2012-2362