[go: up one dir, main page]

oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request: moodle (XSS)

From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 16 Dec 2008 21:28:52 -0500 (EST)

======================================================
Name: CVE-2008-5432
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5432
Reference: MLIST:[oss-security] 20081209 CVE request: moodle (XSS)
Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/09/4
Reference: CONFIRM:http://moodle.org/mod/forum/discuss.php?d=108590

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7
before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote
attackers to inject arbitrary web script or HTML via a Wiki page name
(aka page title).
Previous By Date Next
Previous By Thread Next

Current thread: