CVE-2014-9059

Name of the Vulnerable Software and Affected Versions Moodle versions 2.4.11 and earlier, 2.5.x before 2.5.9, 2.6.x before 2.6.6, 2.7.x before 2.7.3

Description The issue allows remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts, due to the lack of charset information in HTTP headers.

Recommendations For versions 2.4.11 and earlier, update to version 2.4.12 or later. For versions 2.5.x before 2.5.9, update to version 2.5.9 or later. For versions 2.6.x before 2.6.6, update to version 2.6.6 or later. For versions 2.7.x before 2.7.3, update to version 2.7.3 or later.