CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile
56.9%
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities
function in the KSES HTML text cleaning library (weblib.php), as used in
Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers
to inject arbitrary web script or HTML via crafted HTML entities.
Author | Note |
---|---|
kees | MSA-10-0001 http://tracker.moodle.org/browse/MDL-21026 |