CVE-2012-2365 - Weediest Bypasses

Description

Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via the idnumber field to cohort/edit.php.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691 http://openwall.com/lists/oss-security/2012/05/23/2 http://osvdb.org/82072 https://moodle.org/mod/forum/discuss.php?d=203055