VYPR
Moderate severity · NVD Advisory · Published Jul 16, 2012 · Updated Apr 29, 2026

CVE-2011-4280

Description

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                      Affected versions    Patched versions
moodle/moodle (Packagist)    >= 2.0, < 2.0.2      2.0.2

Affected products

3
  • Moodle/Moodle (2 versions)
    • cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:nimish_pachapurkar:spike_phpcoverage:*:*:*:*:*:*:*:*

Patches

1
bd654f0ced8a

MDL-26237 code coverage - prevent execution of not used stuff

https://github.com/moodle/moodle · Eloy Lafuente (stronk7) · Feb 2, 2011 · via ghsa
3 files changed · +4 -0
  • lib/spikephpcoverage/readme_moodle.txt · +2 -0 · modified
    @@ -18,5 +18,7 @@ Our changes: /// Look for "moodle" in code
      * src/reporter/HtmlCoverageReporter.php, src/reporter/html/indexheader.html,
        src/reporter/html/header.html, src/reporter/html/footer.html - various xhtml fixes
      * removed deprecated "=& new"
    + * src/phpcoverage.remote.bottom.inc.php | => Prevent execution (not used and unsecure)
    +   src/phpcoverage.remote.top.inc.php    |
     
     20090621 - Eloy Lafuente (stronk7): Original import of 0.8.2 release
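
Review bot: the new readme entry for src/phpcoverage.remote.bottom.inc.php and src/phpcoverage.remote.top.inc.php says "Prevent execution" without naming the mechanism or the tracker issue. The added die() comments do contain "moodle", as the "Look for "moodle" in code" header asks, but writing "die() added as first statement, MDL-26237" in this entry would make the local change easy to re-apply after the library is re-imported from upstream.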
    
  • lib/spikephpcoverage/src/phpcoverage.remote.bottom.inc.php · +1 -0 · modified
    @@ -1,4 +1,5 @@
     <?php
    +    die(); // This (unsecure MDL-26237) stuff isn't used by moodle at all
     /*
      *  $Id$
      *  
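
Review bot: the die() added as the first statement leaves the rest of phpcoverage.remote.bottom.inc.php in the tree, so the protection depends on this one line surviving every future re-import of the library. Since the inline comment says the file isn't used by moodle at all, deleting the file and recording the deletion in readme_moodle.txt would remove the code path outright instead of guarding it.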
    
  • lib/spikephpcoverage/src/phpcoverage.remote.top.inc.php · +1 -0 · modified
    @@ -1,4 +1,5 @@
     <?php
    +    die(); // This (unsecure MDL-26237) stuff isn't used by moodle at all
     /*
      *  $Id$
      *  
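
Review bot: the comment on the added die() line names MDL-26237 but not what is unsafe about the file, so a reader without tracker access cannot judge whether the guard is still needed; a short phrase describing the issue would help, and "unsecure" should read "insecure". Before merging, confirm that nothing in the tree includes or requires phpcoverage.remote.top.inc.php, because die() at file scope terminates the including script as well.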
    
