CVE-2006-4784

Name of the Vulnerable Software and Affected Versions Moodle versions 1.6.1 and earlier

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to API endpoints such as "doc/index.php" or "files/index.php".

Recommendations For Moodle versions 1.6.1 and earlier, consider updating to a version that is not affected by this issue. As a temporary workaround, restrict access to the "doc/index.php" and "files/index.php" API endpoints until a patch is available. Avoid using unspecified parameters in these endpoints to minimize the risk of exploitation.