lib/setup.php in Moodle up to and including 2.4.11, 2.5.x prior to 2.5.9, 2.6.x prior to 2.6.6, and 2.7.x prior to 2.7.3 does not provide charset information in HTTP headers, which might allow remote malicious users to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
moodle moodle |
||
moodle moodle 2.6.3 |
||
moodle moodle 2.6.4 |
||
moodle moodle 2.6.5 |
||
moodle moodle 2.7.0 |
||
moodle moodle 2.5.4 |
||
moodle moodle 2.5.3 |
||
moodle moodle 2.5.2 |
||
moodle moodle 2.5.1 |
||
moodle moodle 2.5.7 |
||
moodle moodle 2.5.5 |
||
moodle moodle 2.5.0 |
||
moodle moodle 2.6.1 |
||
moodle moodle 2.7.2 |
||
moodle moodle 2.5.8 |
||
moodle moodle 2.5.6 |
||
moodle moodle 2.6.0 |
||
moodle moodle 2.6.2 |
||
moodle moodle 2.7.1 |