CVE-2010-1614

2010-04-2921:30:00

CWE-79

[email protected]

web.nvd.nist.gov

cve-2010-1614

xss vulnerabilities

moodle

web script injection

html injection

csrf vulnerability

nvd

security advisory

6 Medium

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

56.6%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.

CPENameOperatorVersion
moodle:moodlemoodleeq1.9.4
moodle:moodlemoodleeq1.9.1
moodle:moodlemoodleeq1.8.8
moodle:moodlemoodleeq1.9.6
moodle:moodlemoodleeq1.8.2
moodle:moodlemoodleeq1.9.2
moodle:moodlemoodleeq1.8.6
moodle:moodlemoodleeq1.8.5
moodle:moodlemoodleeq1.8.3
moodle:moodlemoodleeq1.8.9

CPE	Name	Operator	Version
moodle:moodle	moodle	eq	1.9.4
moodle:moodle	moodle	eq	1.9.1
moodle:moodle	moodle	eq	1.8.8
moodle:moodle	moodle	eq	1.9.6
moodle:moodle	moodle	eq	1.8.2
moodle:moodle	moodle	eq	1.9.2
moodle:moodle	moodle	eq	1.8.6
moodle:moodle	moodle	eq	1.8.5
moodle:moodle	moodle	eq	1.8.3
moodle:moodle	moodle	eq	1.8.9