Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4278

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4278
Last Modified 16 Jul 2012 12:00:00
Published 16 Jul 2012 06:28:36
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4278

Summary

Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Moodle 1.9

  • Moodle 1.9.1

  • Moodle 1.9.10

  • Moodle 1.9.2

  • Moodle 1.9.3

  • Moodle 1.9.4

  • Moodle 1.9.5

  • Moodle 1.9.6

  • Moodle 1.9.7

  • Moodle 1.9.8

  • Moodle 1.9.9

  • Moodle 2.0

  • Moodle 2.0.1


References

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=fd29b2ad1c20906da00d7e523f39bc8a0358a65b

MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=170003


Last Updated: 27 May 2016 10:49:38