Lucene search

[email protected]NVD:CVE-2010-2229

HistoryJun 28, 2010 - 5:30 p.m.

CVE-2010-2229

2010-06-2817:30:01

CWE-79

[email protected]

web.nvd.nist.gov

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in blog/index.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Affected configurations

NVD

Node

moodlemoodleRange≤1.8.12

moodlemoodleMatch1.1.1

moodlemoodleMatch1.2.0

moodlemoodleMatch1.2.1

moodlemoodleMatch1.3.0

moodlemoodleMatch1.3.1

moodlemoodleMatch1.3.2

moodlemoodleMatch1.3.3

moodlemoodleMatch1.3.4

moodlemoodleMatch1.4.1

moodlemoodleMatch1.4.2

moodlemoodleMatch1.4.3

moodlemoodleMatch1.4.4

moodlemoodleMatch1.4.5

moodlemoodleMatch1.5

moodlemoodleMatch1.5.0beta

moodlemoodleMatch1.5.1

moodlemoodleMatch1.5.2

moodlemoodleMatch1.5.3

moodlemoodleMatch1.6.0

moodlemoodleMatch1.6.1

moodlemoodleMatch1.6.2

moodlemoodleMatch1.6.3

moodlemoodleMatch1.6.4

moodlemoodleMatch1.6.5

moodlemoodleMatch1.6.6

moodlemoodleMatch1.6.7

moodlemoodleMatch1.6.8

moodlemoodleMatch1.7.1

moodlemoodleMatch1.7.2

moodlemoodleMatch1.7.3

moodlemoodleMatch1.7.4

moodlemoodleMatch1.7.5

moodlemoodleMatch1.7.6

moodlemoodleMatch1.8.1

moodlemoodleMatch1.8.2

moodlemoodleMatch1.8.3

moodlemoodleMatch1.8.4

moodlemoodleMatch1.8.5

moodlemoodleMatch1.8.6

moodlemoodleMatch1.8.7

moodlemoodleMatch1.8.8

moodlemoodleMatch1.8.9

moodlemoodleMatch1.8.10

moodlemoodleMatch1.8.11

Node

moodlemoodleMatch1.9.1

moodlemoodleMatch1.9.2

moodlemoodleMatch1.9.3

moodlemoodleMatch1.9.4

moodlemoodleMatch1.9.5

moodlemoodleMatch1.9.6

moodlemoodleMatch1.9.7

moodlemoodleMatch1.9.8

References

cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10

cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21

docs.moodle.org/en/Moodle_1.8.13_release_notes

docs.moodle.org/en/Moodle_1.9.9_release_notes

lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html

lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html

lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

moodle.org/mod/forum/discuss.php?d=152367

secunia.com/advisories/40248

secunia.com/advisories/40352

tracker.moodle.org/browse/MDL-22631

www.openwall.com/lists/oss-security/2010/06/21/2

www.vupen.com/english/advisories/2010/1530

www.vupen.com/english/advisories/2010/1571

bugzilla.redhat.com/show_bug.cgi?id=605809

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

5.7 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

71.1%

JSON

Related for NVD:CVE-2010-2229

prion1 ubuntucve1 cvelist1 cve1 fedora3 openvas11 nessus6 osv1 debian2