Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 prior to 1.6.9, 1.7 prior to 1.7.7, 1.8 prior to 1.8.8, and 1.9 prior to 1.9.4, allows remote malicious users to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
snoopy snoopy 1.2.3 |
||
moodle moodle 1.7.4 |
||
moodle moodle 1.7.5 |
||
moodle moodle 1.8.5 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.7.0 |
||
moodle moodle 1.7.1 |
||
moodle moodle 1.8.2 |
||
moodle moodle 1.8.3 |
||
moodle moodle 1.8.7 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.7.2 |
||
moodle moodle 1.7.3 |
||
moodle moodle 1.8.4 |
||
moodle moodle 1.8.6 |
||
moodle moodle 1.7.6 |
||
moodle moodle 1.8.1 |
||
moodle moodle 1.9.1 |