PT-2015-1590 · Moodle · Moodle
Gjoko Krstic
·
Published
2015-03-18
·
Updated
2022-05-13
·
CVE-2015-2269
CVSS v2.0
3.5
Low
| Vector | AV:N/AC:M/Au:S/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.5.9
Moodle versions 2.6.x before 2.6.9
Moodle versions 2.7.x before 2.7.6
Moodle versions 2.8.x before 2.8.4
Description
The issue exists due to a lack of protection for the web page structure in the lib/javascript-static.js component of the Moodle learning management system. This allows a remote attacker to inject arbitrary web or HTML code using attributes of the IMG element, such as the
alt or title attribute.Recommendations
For Moodle versions prior to 2.5.9, update to version 2.5.9 or later.
For Moodle versions 2.6.x before 2.6.9, update to version 2.6.9 or later.
For Moodle versions 2.7.x before 2.7.6, update to version 2.7.6 or later.
For Moodle versions 2.8.x before 2.8.4, update to version 2.8.4 or later.
Exploit
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Moodle