CVE-2010-2230

Moodle < 1.8.13 and 1.9.x < 1.9.9 - Authenticated Cross-Site Scripting via KSES Filter

Title source: llm

Description

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

References (16)

Core 16

Core References

Various Sources x_refsource_confirm

http://tracker.moodle.org/browse/MDL-22042

Patch x_refsource_confirm

http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172

Various Sources x_refsource_confirm

http://docs.moodle.org/en/Moodle_1.8.13_release_notes

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1571

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2010/06/21/2

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40352

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2010/1530

Various Sources x_refsource_confirm

http://moodle.org/mod/forum/discuss.php?d=152368

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html

Various Sources x_refsource_confirm

http://docs.moodle.org/en/Moodle_1.9.9_release_notes

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/40248

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html

Patch x_refsource_confirm

http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=605809

Scores

EPSS 0.0040

EPSS Percentile 60.6%

Details

CWE

CWE-79

Status published

Products (50)

moodle/moodle 1.1.1

moodle/moodle 1.2.0

moodle/moodle 1.2.1

moodle/moodle 1.3.0

moodle/moodle 1.3.1

moodle/moodle 1.3.2

moodle/moodle 1.3.3

moodle/moodle 1.3.4

moodle/moodle 1.4.1

moodle/moodle 1.4.2

... and 40 more

Published Jun 28, 2010

Tracked Since Feb 18, 2026