7 matches found
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting XSS vulnerability in the phpCAS client library before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via a crafted URL, which is not properly handled in an error message...
CVE-2010-1613
Moodle 1.8.x and 1.9.x before 1.9.8 does not enable the "Regenerate session id during login" setting by default, which makes it easier for remote attackers to conduct session fixation attacks...
CVE-2010-1617
user/view.php in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 does not properly check a role, which allows remote authenticated users to obtain the full names of other users via the course profile page...
CVE-2010-1619
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...
CVE-2010-1614
Multiple cross-site scripting XSS vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to 1 the Login-As feature or 2 when the global search feature is enabled, unspecified global search forms in the...
CVE-2010-1619
CVE-2010-1619 affects Moodle’s KSES HTML text cleaning library (weblib.php) via the fix_non_standard_entities function. The vulnerability allows remote XSS by crafting HTML entities and is reported in Moodle 1.8.x prior to 1.8.12 and 1.9.x prior to 1.9.8. Related advisories describe multiple link...
CVE-2010-1619
Cross-site scripting XSS vulnerability in the fixnonstandardentities function in the KSES HTML text cleaning library weblib.php, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities...