Moderate severityNVD Advisory· Published Jul 11, 2012· Updated Jun 16, 2026
CVE-2011-4306
CVE-2011-4306
Description
Cross-site scripting (XSS) vulnerability in course/editsection.html in Moodle 1.9.x before 1.9.14 allows remote authenticated users to inject arbitrary web script or HTML via crafted data.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | < 1.9.14 | 1.9.14 |
Affected products
14cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*+ 12 more
- cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
7- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- github.com/advisories/GHSA-r729-mx2r-j26jghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2011-4306ghsaADVISORY
- git.moodle.org/gwnvdWEB
- git.moodle.org/gwghsaWEB
- bugzilla.redhat.com/show_bug.cginvdWEB
- github.com/moodle/moodle/commit/4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15ghsaWEB
News mentions
0No linked articles in our index yet.