Published: 27/07/2004 Updated: 01/12/2020

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

VMScore: 685

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote malicious users to inject arbitrary web script or HTML via the file parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle 1.3.0
moodle moodle 1.3.1
moodle moodle 1.3.2
moodle moodle 1.1.1
moodle moodle 1.2.0
moodle moodle 1.2.1

source: wwwsecurityfocuscom/bid/10718/info It is reported that Moodle is susceptible to a cross-site scripting vulnerability in the 'helpphp' script This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamic web content This issue may allow for theft of cookie-based auth ...

NVD-CWE-Other http://www.securityfocus.com/bid/10718 http://cvs.sourceforge.net/viewcvs.py/moodle/moodle/help.php http://marc.info/?l=bugtraq&m=108973588000027&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16684 https://nvd.nist.gov https://www.exploit-db.com/exploits/24279/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2004-0725

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect