Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-4280

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2011-4280
Last Modified 16 Jul 2012 12:00:00
Published 16 Jul 2012 06:28:36
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2011-4280

Summary

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Moodle 2.0

  • Moodle 2.0.1

  • Nimish Pachapurkar Spike Phpcoverage


References

MLIST - [oss-security] 20111113 Re: Fwd: DSA 2338-1 moodle security update

CONFIRM - http://moodle.org/mod/forum/discuss.php?d=170005

CONFIRM - http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e


Last Updated: 27 May 2016 10:56:36