CVE-2009-0502

Snoopy 1.2.3 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.

References (6)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html

[Vendor Advisory] http://moodle.org/security/

[Third Party Advisory] http://secunia.com/advisories/33955

[Third Party Advisory] http://www.debian.org/security/2009/dsa-1724

[Mailing List] http://www.openwall.com/lists/oss-security/2009/02/04/1

[Third Party Advisory] http://secunia.com/advisories/34418

Scores

EPSS 0.0047

EPSS Percentile 64.5%

Classification

CWE

CWE-79

Status published

Affected Products (19)

snoopy/snoopy

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

... and 4 more

Timeline

Published Feb 10, 2009

Tracked Since Feb 18, 2026