Lucene search
MitreCVE-2010-1619HistoryApr 29, 2010 - 9:30 p.m.
CVE-2010-1619
2010-04-2921:30:00
CWE-79
mitre
web.nvd.nist.gov
32
cve-2010-1619
cross-site scripting
xss
kses
html text cleaning library
moodle 1.8.x
moodle 1.9.x
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.002
Percentile
56.9%
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
Affected configurations
Node
moodlemoodleMatch1.8.1
ORmoodlemoodleMatch1.8.2
ORmoodlemoodleMatch1.8.3
ORmoodlemoodleMatch1.8.4
ORmoodlemoodleMatch1.8.5
ORmoodlemoodleMatch1.8.6
ORmoodlemoodleMatch1.8.7
ORmoodlemoodleMatch1.8.8
ORmoodlemoodleMatch1.8.9
ORmoodlemoodleMatch1.8.10
ORmoodlemoodleMatch1.8.11
ORmoodlemoodleMatch1.9.1
ORmoodlemoodleMatch1.9.2
ORmoodlemoodleMatch1.9.3
ORmoodlemoodleMatch1.9.4
ORmoodlemoodleMatch1.9.5
ORmoodlemoodleMatch1.9.6
ORmoodlemoodleMatch1.9.7
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | 1.8.1 | cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.2 | cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.3 | cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.4 | cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.5 | cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.6 | cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.7 | cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.8 | cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.9 | cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:* |
| moodle | moodle | 1.8.10 | cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:* |
Related
debiancve
debiancve
CVE-2010-1619
2010-04-29 21:30:00
prion
prion
Cross site scripting
2010-04-29 21:30:00
nvd
nvd
CVE-2010-1619
2010-04-29 21:30:00
ubuntucve
ubuntucve
CVE-2010-1619
2010-04-29 00:00:00
cvelist
cvelist
CVE-2010-1619
2010-04-29 21:00:00
openvas
openvas
Moodle Multiple Vulnerabilities
2010-05-19 00:00:00
Moodle Multiple Vulnerabilities
2010-05-19 00:00:00
Moodle 1.8.x < 1.8.12, 1.9.x < 1.9.8 Multiple Vulnerabilities
2010-04-12 00:00:00
nessus
nessus
openSUSE Security Update : moodle (openSUSE-SU-2010:0212-1)
2010-05-05 00:00:00
openSUSE Security Update : moodle (openSUSE-SU-2010:0212-1)
2010-05-05 00:00:00
Debian DSA-2115-1 : moodle - several vulnerabilities
2010-10-06 00:00:00
debian
debian
[SECURITY] [DSA-2115-2] New moodle packages fix several vulnerabilities
2010-10-11 05:18:06
[SECURITY] [DSA-2115-1] New moodle packages fix several vulnerabilities
2010-09-29 21:04:56
osv
osv
moodle - several vulnerabilities
2010-09-29 00:00:00
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.5
Confidence
High
EPSS
0.002
Percentile
56.9%
Related for CVE-2010-1619