CVE-2010-1614

Moodle < 1.8.12 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.

References (3)

[Mailing List] http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html

[Various Sources] http://moodle.org/security/

[Third Party Advisory] http://www.vupen.com/english/advisories/2010/1107

Scores

EPSS 0.0025

EPSS Percentile 48.5%

Classification

CWE

CWE-79

Status published

Affected Products (20)

moodle/moodle

... and 5 more

Timeline

Published Apr 29, 2010

Tracked Since Feb 18, 2026