oss-sec mailing list archives
CVE request: moodle (XSS)
From: Hanno Böck <hanno () hboeck de>
Date: Tue, 9 Dec 2008 13:55:28 +0100
http://moodle.org/mod/forum/discuss.php?d=108590 Cross Site Scripting (XSS) possible through Wiki page titles Wiki page names were not sanitised on output, allowing for potential cross site scripting (XSS) issues. Versions affected: < 1.6.8, < 1.7.6, < 1.8.7, < 1.9.3 -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://www.jukss.de/ Jugemdumweltkongress, 27.12.-4.1.
Attachment:
signature.asc
Description: This is a digitally signed message part.
Current thread:
- CVE request: moodle (XSS) Hanno Böck (Dec 09)
- Re: CVE request: moodle (XSS) Steven M. Christey (Dec 16)