Lucene search

[email protected]CVE-2008-0123

HistoryJan 12, 2008 - 1:46 a.m.

CVE-2008-0123

2008-01-1201:46:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2008-0123

cross-site scripting

xss

moodle

install.php

web security

nvd

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.024 Low

EPSS

Percentile

89.9%

JSON

Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete.

Affected configurations

NVD

Node

moodlemoodleRange≤1.8.3

CPENameOperatorVersion
moodle:moodlemoodlele1.8.3

CPE	Name	Operator	Version
moodle:moodle	moodle	le	1.8.3

References

archives.neohapsis.com/archives/fulldisclosure/2008-01/0202.html

int21.de/cve/CVE-2008-0123-moodle.html

lists.opensuse.org/opensuse-security-announce/2008-02/msg00003.html

secunia.com/advisories/28838

www.securityfocus.com/archive/1/486198/100/0/threaded

www.securityfocus.com/bid/27259

www.vupen.com/english/advisories/2008/0164

exchange.xforce.ibmcloud.com/vulnerabilities/39630

6.3 Medium

AI Score

Confidence

Low

4.3 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.024 Low

EPSS

Percentile

89.9%

JSON

Related for CVE-2008-0123

nessus3 cvelist1 fedora4 openvas8 securityvulns2 packetstorm1 prion1 redhatcve1 ubuntucve1 nvd1