Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-3326

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2008-3326
Last Modified 19 Aug 2009 01:17:22
Published 25 Jul 2008 12:41:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-3326

Summary

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

Vulnerable Systems

Application

  • Moodle 1.6

  • Moodle 1.6.1

  • Moodle 1.6.2

  • Moodle 1.6.3

  • Moodle 1.6.4

  • Moodle 1.6.5

  • Moodle 1.6.6

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4


References

XF - moodle-edit-xss(43961)

BID - 30348

BUGTRAQ - 20080722 PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog entry title

MISC - http://www.procheckup.com/Vulnerability_PR08-13.php

MILW0RM - 6653

DEBIAN - DSA-1691

SECUNIA - 31339

SECUNIA - 31196

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=101401

SUSE - SUSE-SR:2008:016


Last Updated: 27 May 2016 10:48:09