Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-5432

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2008-5432
Last Modified 07 Mar 2011 10:14:35
Published 11 Dec 2008 10:30:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2008-5432

Summary

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

Vulnerable Systems

Application

  • Moodle 1.1.1

  • Moodle 1.2

  • Moodle 1.2.1

  • Moodle 1.3

  • Moodle 1.3.1

  • Moodle 1.3.2

  • Moodle 1.3.3

  • Moodle 1.3.4

  • Moodle 1.4.1

  • Moodle 1.4.2

  • Moodle 1.4.3

  • Moodle 1.4.4

  • Moodle 1.4.5

  • Moodle 1.5

  • Moodle 1.5.1

  • Moodle 1.5.2

  • Moodle 1.5.3

  • Moodle 1.6

  • Moodle 1.6.1

  • Moodle 1.6.3

  • Moodle 1.6.4

  • Moodle 1.6.5

  • Moodle 1.6.6

  • Moodle 1.6.7

  • Moodle 1.7

  • Moodle 1.7.1

  • Moodle 1.7.2

  • Moodle 1.7.3

  • Moodle 1.7.4

  • Moodle 1.7.5

  • Moodle 1.8

  • Moodle 1.8.1

  • Moodle 1.8.2

  • Moodle 1.8.3

  • Moodle 1.8.4

  • Moodle 1.8.5

  • Moodle 1.8.6

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.2


References

XF - moodle-pagetitles-xss(47193)

VUPEN - ADV-2008-3405

BID - 32714

MLIST - [oss-security] 20081209 CVE request: moodle (XSS)

DEBIAN - DSA-1691

SECUNIA - 33822

SECUNIA - 33079

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=108590

SUSE - SUSE-SR:2009:003


Last Updated: 27 May 2016 10:48:49