Published: 28/06/2010 Updated: 01/12/2020

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 allows remote malicious users to inject arbitrary web script or HTML via vectors involving extended characters in a username.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle 1.1.1
moodle moodle 1.2.0
moodle moodle 1.4.1
moodle moodle 1.4.2
moodle moodle 1.5.3
moodle moodle 1.5.0
moodle moodle 1.6.7
moodle moodle 1.6.8
moodle moodle 1.2.1
moodle moodle 1.3.0
moodle moodle 1.4.3
moodle moodle 1.4.4
moodle moodle 1.6.0
moodle moodle 1.6.1
moodle moodle 1.7.1
moodle moodle 1.8.1
moodle moodle 1.8.2
moodle moodle 1.8.9
moodle moodle 1.8.10
moodle moodle 1.3.1
moodle moodle 1.3.2
moodle moodle 1.4.5
moodle moodle 1.5
moodle moodle 1.6.2
moodle moodle 1.6.3
moodle moodle 1.7.2
moodle moodle 1.7.3
moodle moodle 1.8.3
moodle moodle 1.8.4
moodle moodle 1.8.11
moodle moodle
moodle moodle 1.7.6
moodle moodle 1.8.7
moodle moodle 1.8.8
moodle moodle 1.3.3
moodle moodle 1.3.4
moodle moodle 1.5.1
moodle moodle 1.5.2
moodle moodle 1.6.4
moodle moodle 1.6.5
moodle moodle 1.6.6
moodle moodle 1.7.4
moodle moodle 1.7.5
moodle moodle 1.8.5
moodle moodle 1.8.6
moodle moodle 1.9.4
moodle moodle 1.9.5
moodle moodle 1.9.6
moodle moodle 1.9.7
moodle moodle 1.9.2
moodle moodle 1.9.3
moodle moodle 1.9.1
moodle moodle 1.9.8

Several remote vulnerabilities have been discovered in Moodle, a course management system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1613 Moodle does not enable the Regenerate session id during login setting by default, which makes it easier for remote attackers to conduct session fixation atta ...

CWE-79 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html http://docs.moodle.org/en/Moodle_1.9.9_release_notes http://moodle.org/mod/forum/discuss.php?d=152366 http://secunia.com/advisories/40352 http://www.openwall.com/lists/oss-security/2010/06/21/2 http://secunia.com/advisories/40248 http://www.vupen.com/english/advisories/2010/1571 http://www.vupen.com/english/advisories/2010/1530 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html https://bugzilla.redhat.com/show_bug.cgi?id=605809 http://docs.moodle.org/en/Moodle_1.8.13_release_notes http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html http://tracker.moodle.org/browse/MDL-22040 http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html https://nvd.nist.gov https://www.debian.org/security/./dsa-2115

CVE-2010-2228

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect