Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8 allow remote malicious users to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle 1.8.8 |
||
moodle moodle 1.8.2 |
||
moodle moodle 1.8.1 |
||
moodle moodle 1.8.7 |
||
moodle moodle 1.8.9 |
||
moodle moodle 1.8.3 |
||
moodle moodle 1.8.10 |
||
moodle moodle 1.9.6 |
||
moodle moodle 1.9.7 |
||
moodle moodle 1.8.6 |
||
moodle moodle 1.8.5 |
||
moodle moodle 1.8.11 |
||
moodle moodle 1.9.4 |
||
moodle moodle 1.8.4 |
||
moodle moodle 1.9.3 |
||
moodle moodle 1.9.5 |
||
moodle moodle 1.9.2 |
||
moodle moodle 1.9.1 |