CVE-2009-0500

Moodle <1.6.9-1.9.4 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.

References (6)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

[Vendor Advisory] http://moodle.org/security/

[Third Party Advisory] http://secunia.com/advisories/33955

[Third Party Advisory] http://secunia.com/advisories/34418

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1724

[Mailing List] http://www.openwall.com/lists/oss-security/2009/02/04/1

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status published

Affected Products (26)

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

... and 11 more

Timeline

Published Feb 10, 2009

Tracked Since Feb 18, 2026