ghsa-3gm8-32vv-q8mp
Vulnerability from github
Published
2022-05-13 01:13
Modified
2024-02-07 22:53
VLAI Severity ?
Summary
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
Details
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
{
"affected": [
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "1.8.13"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Packagist",
"name": "moodle/moodle"
},
"ranges": [
{
"events": [
{
"introduced": "1.9.0"
},
{
"fixed": "1.9.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2010-2230"
],
"database_specific": {
"cwe_ids": [
"CWE-79"
],
"github_reviewed": true,
"github_reviewed_at": "2024-02-07T22:53:57Z",
"nvd_published_at": "2010-06-28T17:30:00Z",
"severity": "MODERATE"
},
"details": "The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.",
"id": "GHSA-3gm8-32vv-q8mp",
"modified": "2024-02-07T22:53:57Z",
"published": "2022-05-13T01:13:04Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2010-2230"
},
{
"type": "WEB",
"url": "https://github.com/moodle/moodle/commit/704c5dfed4f4531b6d74d19cfad573984e74885e"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=605809"
},
{
"type": "PACKAGE",
"url": "https://github.com/moodle/moodle"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20100621005117/http://secunia.com/advisories/40248"
},
{
"type": "WEB",
"url": "https://web.archive.org/web/20100711044720/http://secunia.com/advisories/40352"
},
{
"type": "WEB",
"url": "http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114\u0026r2=1.812.2.115"
},
{
"type": "WEB",
"url": "http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171\u0026r2=1.970.2.172"
},
{
"type": "WEB",
"url": "http://docs.moodle.org/en/Moodle_1.8.13_release_notes"
},
{
"type": "WEB",
"url": "http://docs.moodle.org/en/Moodle_1.9.9_release_notes"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html"
},
{
"type": "WEB",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html"
},
{
"type": "WEB",
"url": "http://moodle.org/mod/forum/discuss.php?d=152368"
},
{
"type": "WEB",
"url": "http://tracker.moodle.org/browse/MDL-22042"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2010/06/21/2"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1530"
},
{
"type": "WEB",
"url": "http://www.vupen.com/english/advisories/2010/1571"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter "
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…