CVE-2011-4282

Name of the Vulnerable Software and Affected Versions Moodle versions 2.0.x through 2.0.1

Description The issue concerns multiple cross-site scripting (XSS) vulnerabilities in the course-tags functionality. These vulnerabilities allow remote attackers to inject arbitrary web script or HTML via the sort or show parameters in the tag/coursetags more.php file.

Recommendations For Moodle versions 2.0.x through 2.0.1, update to version 2.0.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the tag/coursetags more.php file to minimize the risk of exploitation. Avoid using the sort and show parameters in the affected functionality until the issue is resolved.