CVE-2010-1619
Moodle 1.8.0-1.8.11 - Cross-Site Scripting via Crafted HTML Entities
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.
References (3)
Core 3
Core References
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2010/1107
Various Sources x_refsource_confirm
http://moodle.org/security/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html
Scores
EPSS
0.0025
EPSS Percentile
48.8%
Details
CWE
CWE-79
Status
published
Products (19)
moodle/moodle
1.8.1
moodle/moodle
1.8.2
moodle/moodle
1.8.3
moodle/moodle
1.8.4
moodle/moodle
1.8.5
moodle/moodle
1.8.6
moodle/moodle
1.8.7
moodle/moodle
1.8.8
moodle/moodle
1.8.9
moodle/moodle
1.8.10
... and 9 more
Published
Apr 29, 2010
Tracked Since
Feb 18, 2026