CVE-2004-1424

Moodle - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.

References (5)

[Mailing List] http://marc.info/?l=bugtraq&m=110425409614735&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=110444531816566&w=2

[Vendor Advisory] http://secunia.com/advisories/13694

[Exploit, Patch] http://www.securityfocus.com/bid/12120

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/18702

Scores

EPSS 0.0050

EPSS Percentile 65.8%

Classification

CWE

CWE-79

Status draft

Affected Products (10)

moodle/moodle

Timeline

Published Dec 31, 2004

Tracked Since Feb 18, 2026