CVE-2008-3326

Moodle 1.6.x < 1.6.7 and 1.7.x < 1.7.5 - Cross-Site Scripting via Blog Entry Title Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-3326. PoCs published by ZeN.

AI-analyzed exploit summary This is a security advisory detailing an LFI vulnerability in OLIB 7 WebView v2.5.1.1, requiring a valid session key. It also includes an unrelated XSS vulnerability in Moodle's blogging system.

Description

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

Exploits (1)

exploitdb WRITEUP VERIFIED

by ZeN · textwebappsphp

https://www.exploit-db.com/exploits/6653

View Code ZIP pw:eip

This is a security advisory detailing an LFI vulnerability in OLIB 7 WebView v2.5.1.1, requiring a valid session key. It also includes an unrelated XSS vulnerability in Moodle's blogging system.

Classification

Writeup 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Theoretical

Target: OLIB 7 WebView v2.5.1.1

Auth required

Prerequisites: valid session key

devstral-2 · analyzed Feb 16, 2026 Full analysis →