2 matches found
CVE-2014-9059
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting XSS attacks via UTF-7 characters during interaction with AJAX scripts...
CVE-2014-9059
CVE-2014-9059 affects Moodle builds up to 2.7.3 (and older 2.4.x–2.6.x ranges shown in sources). The vulnerability is that lib/setup.php does not emit charset information in HTTP headers, which could allow remote attackers to perform cross-site scripting (XSS) using UTF-7 characters during intera...