CVE-2004-1978
moodle < 1.3 - Cross-Site Scripting via help.php text parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2004-1978. PoCs published by Bartek Nowotarski.
AI-analyzed exploit summary The provided text describes a cross-site scripting (XSS) vulnerability in Moodle's 'help.php' script due to insufficient input sanitization. The issue allows attackers to inject malicious scripts via the 'text' parameter, potentially leading to cookie theft or other client-side attacks.
Description
Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.
Exploits (1)
The provided text describes a cross-site scripting (XSS) vulnerability in Moodle's 'help.php' script due to insufficient input sanitization. The issue allows attackers to inject malicious scripts via the 'text' parameter, potentially leading to cookie theft or other client-side attacks.