PT-2010-3830 · Moodle · Moodle

Publicado

2010-06-28

·

Atualizado

2022-05-13

·

CVE-2010-2230

CVSS v2.0

4.0

Média

VetorAV:N/AC:L/Au:S/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions Moodle versions 1.8.0 through 1.8.12 Moodle versions 1.9.0 through 1.9.8
Description The issue concerns the KSES text cleaning filter in Moodle, which does not properly handle vbscript URIs. This allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
Recommendations For Moodle versions 1.8.0 through 1.8.12, update to version 1.8.13 or later. For Moodle versions 1.9.0 through 1.9.8, update to version 1.9.9 or later.

Correção

XSS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-79

Identificadores relacionados

CVE-2010-2230
DSA-2115-1
GHSA-3GM8-32VV-Q8MP

Produtos afetados

Moodle