oss-sec mailing list archives
Re: CVE request: moodle (XSS)
From: "Steven M. Christey" <coley () linus mitre org>
Date: Tue, 16 Dec 2008 21:28:52 -0500 (EST)
====================================================== Name: CVE-2008-5432 Status: Candidate URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5432 Reference: MLIST:[oss-security] 20081209 CVE request: moodle (XSS) Reference: URL:http://www.openwall.com/lists/oss-security/2008/12/09/4 Reference: CONFIRM:http://moodle.org/mod/forum/discuss.php?d=108590 Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
Current thread:
- CVE request: moodle (XSS) Hanno Böck (Dec 09)
- Re: CVE request: moodle (XSS) Steven M. Christey (Dec 16)