Lucene search
K

7 matches found

GitLab Advisory Database
GitLab Advisory Database
added 2022/05/13 12:0 a.m.48 views

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...

4.3CVSS6AI score0.01813EPSS
Exploits0References8Affected Software1
NVD
NVD
added 2010/04/29 9:30 p.m.22 views

CVE-2010-1613

Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks...

6.8CVSS6.4AI score0.0181EPSS
Exploits0References3
UbuntuCve
UbuntuCve
added 2010/04/29 9:30 p.m.25 views

CVE-2010-1617

user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page...

4CVSS5.9AI score0.01525EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2010/04/29 9:30 p.m.22 views

CVE-2010-1619

Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...

4.3CVSS6AI score0.01669EPSS
Exploits0References1
Cvelist
Cvelist
added 2010/04/29 9:0 p.m.26 views

CVE-2010-1614

Multiple cross-site scripting XSS vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the Login-As feature or 2 when the global search feature is enabled, unspecified global search forms in the...

5.8AI score0.01669EPSS
Exploits0References3
CVE
CVE
added 2010/04/29 9:0 p.m.55 views

CVE-2010-1619

CVE-2010-1619 affects Moodle’s KSES HTML text cleaning library (weblib.php) via the fix_non_standard_entities function. The vulnerability allows remote XSS by crafting HTML entities and is reported in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8. Related advisories describe multiple link...

4.3CVSS5.5AI score0.01669EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2010/04/29 9:0 p.m.27 views

CVE-2010-1619

Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...

4.3CVSS3.8AI score0.01669EPSS
Exploits0
Rows per page
Query Builder