CVE-2006-4941

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 1.6.2

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities. These vulnerabilities might allow remote attackers to inject arbitrary web script or HTML. Specifically, the vulnerabilities are found in the "choose" parameter in "files/index.php" and the "sub" parameter in "doc/index.php".

Recommendations For versions prior to 1.6.2, update to version 1.6.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the affected API endpoints, such as "files/index.php" and "doc/index.php", until a patch is available. Avoid using the choose and sub parameters in the affected endpoints until the issue is resolved.