Published: 28/06/2010 Updated: 01/12/2020

CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8

VMScore: 356

Vector: AV:N/AC:L/Au:S/C:N/I:P/A:N

The KSES text cleaning filter in lib/weblib.php in Moodle prior to 1.8.13 and 1.9.x prior to 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

Vulnerable Product	Search on Vulmon	Subscribe to Product
moodle moodle 1.8.9
moodle moodle 1.8.8
moodle moodle 1.6.3
moodle moodle 1.6.5
moodle moodle 1.6.2
moodle moodle 1.5
moodle moodle 1.5.1
moodle moodle 1.4.5
moodle moodle 1.4.4
moodle moodle 1.2.0
moodle moodle 1.1.1
moodle moodle
moodle moodle 1.8.4
moodle moodle 1.8.3
moodle moodle 1.7.6
moodle moodle 1.7.4
moodle moodle 1.6.8
moodle moodle 1.6.7
moodle moodle 1.5.0
moodle moodle 1.4.1
moodle moodle 1.3.0
moodle moodle 1.3.3
moodle moodle 1.8.7
moodle moodle 1.8.6
moodle moodle 1.8.5
moodle moodle 1.7.3
moodle moodle 1.7.2
moodle moodle 1.6.4
moodle moodle 1.6.6
moodle moodle 1.5.2
moodle moodle 1.5.3
moodle moodle 1.3.4
moodle moodle 1.3.1
moodle moodle 1.8.11
moodle moodle 1.8.10
moodle moodle 1.8.2
moodle moodle 1.8.1
moodle moodle 1.7.5
moodle moodle 1.7.1
moodle moodle 1.6.0
moodle moodle 1.6.1
moodle moodle 1.4.3
moodle moodle 1.4.2
moodle moodle 1.3.2
moodle moodle 1.2.1
moodle moodle 1.9.6
moodle moodle 1.9.7
moodle moodle 1.9.1
moodle moodle 1.9.2
moodle moodle 1.9.8
moodle moodle 1.9.3
moodle moodle 1.9.4
moodle moodle 1.9.5

Several remote vulnerabilities have been discovered in Moodle, a course management system The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-1613 Moodle does not enable the Regenerate session id during login setting by default, which makes it easier for remote attackers to conduct session fixation atta ...

CWE-79 http://tracker.moodle.org/browse/MDL-22042 http://secunia.com/advisories/40248 http://www.vupen.com/english/advisories/2010/1571 http://www.vupen.com/english/advisories/2010/1530 http://secunia.com/advisories/40352 http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115 http://moodle.org/mod/forum/discuss.php?d=152368 http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html https://bugzilla.redhat.com/show_bug.cgi?id=605809 http://docs.moodle.org/en/Moodle_1.9.9_release_notes http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html http://www.openwall.com/lists/oss-security/2010/06/21/2 http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172 http://docs.moodle.org/en/Moodle_1.8.13_release_notes http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html https://nvd.nist.gov https://www.debian.org/security/./dsa-2115

CVE-2010-2230

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect