Lucene search

[email protected]NVD:CVE-2008-5432

HistoryDec 11, 2008 - 3:30 p.m.

CVE-2008-5432

2008-12-1115:30:00

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

Affected configurations

NVD

Node

moodlemoodleRange≤1.6.7

moodlemoodleMatch1.1.1

moodlemoodleMatch1.2.0

moodlemoodleMatch1.2.1

moodlemoodleMatch1.3.0

moodlemoodleMatch1.3.1

moodlemoodleMatch1.3.2

moodlemoodleMatch1.3.3

moodlemoodleMatch1.3.4

moodlemoodleMatch1.4.1

moodlemoodleMatch1.4.2

moodlemoodleMatch1.4.3

moodlemoodleMatch1.4.4

moodlemoodleMatch1.4.5

moodlemoodleMatch1.5

moodlemoodleMatch1.5.1

moodlemoodleMatch1.5.2

moodlemoodleMatch1.5.3

moodlemoodleMatch1.6.0

moodlemoodleMatch1.6.1

moodlemoodleMatch1.6.3

moodlemoodleMatch1.6.4

moodlemoodleMatch1.6.5

moodlemoodleMatch1.6.6

moodlemoodleMatch1.7.0

moodlemoodleMatch1.7.1

moodlemoodleMatch1.7.2

moodlemoodleMatch1.7.3

moodlemoodleMatch1.7.4

moodlemoodleMatch1.7.5

moodlemoodleMatch1.8.0

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.6

moodlemoodleMatch1.9.0

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

References

lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html

moodle.org/mod/forum/discuss.php?d=108590

secunia.com/advisories/33079

secunia.com/advisories/33822

www.debian.org/security/2008/dsa-1691

www.openwall.com/lists/oss-security/2008/12/09/4

www.securityfocus.com/bid/32714

www.vupen.com/english/advisories/2008/3405

exchange.xforce.ibmcloud.com/vulnerabilities/47193

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.4 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.0%

JSON

Related for NVD:CVE-2008-5432

cvelist1 nessus4 cve1 prion1 ubuntucve1 openvas10 osv1 debian1 ubuntu1