CVE-2010-2228

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://docs.moodle.org/en/Moodle_1.8.13_release_notes
http://docs.moodle.org/en/Moodle_1.9.9_release_notes
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://moodle.org/mod/forum/discuss.php?d=152366	Vendor Advisory
http://secunia.com/advisories/40248	Vendor Advisory
http://secunia.com/advisories/40352	Vendor Advisory
http://tracker.moodle.org/browse/MDL-22040
http://www.openwall.com/lists/oss-security/2010/06/21/2
http://www.vupen.com/english/advisories/2010/1530	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1571	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=605809
http://docs.moodle.org/en/Moodle_1.8.13_release_notes
http://docs.moodle.org/en/Moodle_1.9.9_release_notes
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://moodle.org/mod/forum/discuss.php?d=152366	Vendor Advisory
http://secunia.com/advisories/40248	Vendor Advisory
http://secunia.com/advisories/40352	Vendor Advisory
http://tracker.moodle.org/browse/MDL-22040
http://www.openwall.com/lists/oss-security/2010/06/21/2
http://www.vupen.com/english/advisories/2010/1530	Vendor Advisory
http://www.vupen.com/english/advisories/2010/1571	Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=605809

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:moodle:moodle::::::::
	cpe:2.3:a:moodle:moodle:1.1.1:::::::*
	cpe:2.3:a:moodle:moodle:1.2.0:::::::*
	cpe:2.3:a:moodle:moodle:1.2.1:::::::*
	cpe:2.3:a:moodle:moodle:1.3.0:::::::*
	cpe:2.3:a:moodle:moodle:1.3.1:::::::*
	cpe:2.3:a:moodle:moodle:1.3.2:::::::*
	cpe:2.3:a:moodle:moodle:1.3.3:::::::*
	cpe:2.3:a:moodle:moodle:1.3.4:::::::*
	cpe:2.3:a:moodle:moodle:1.4.1:::::::*
	cpe:2.3:a:moodle:moodle:1.4.2:::::::*
	cpe:2.3:a:moodle:moodle:1.4.3:::::::*
	cpe:2.3:a:moodle:moodle:1.4.4:::::::*
	cpe:2.3:a:moodle:moodle:1.4.5:::::::*
	cpe:2.3:a:moodle:moodle:1.5:::::::*
	cpe:2.3:a:moodle:moodle:1.5.0:beta::::::
	cpe:2.3:a:moodle:moodle:1.5.1:::::::*
	cpe:2.3:a:moodle:moodle:1.5.2:::::::*
	cpe:2.3:a:moodle:moodle:1.5.3:::::::*
	cpe:2.3:a:moodle:moodle:1.6.0:::::::*
	cpe:2.3:a:moodle:moodle:1.6.1:::::::*
	cpe:2.3:a:moodle:moodle:1.6.2:::::::*
	cpe:2.3:a:moodle:moodle:1.6.3:::::::*
	cpe:2.3:a:moodle:moodle:1.6.4:::::::*
	cpe:2.3:a:moodle:moodle:1.6.5:::::::*
	cpe:2.3:a:moodle:moodle:1.6.6:::::::*
	cpe:2.3:a:moodle:moodle:1.6.7:::::::*
	cpe:2.3:a:moodle:moodle:1.6.8:::::::*
	cpe:2.3:a:moodle:moodle:1.7.1:::::::*
	cpe:2.3:a:moodle:moodle:1.7.2:::::::*
	cpe:2.3:a:moodle:moodle:1.7.3:::::::*
	cpe:2.3:a:moodle:moodle:1.7.4:::::::*
	cpe:2.3:a:moodle:moodle:1.7.5:::::::*
	cpe:2.3:a:moodle:moodle:1.7.6:::::::*
	cpe:2.3:a:moodle:moodle:1.8.1:::::::*
	cpe:2.3:a:moodle:moodle:1.8.2:::::::*
	cpe:2.3:a:moodle:moodle:1.8.3:::::::*
	cpe:2.3:a:moodle:moodle:1.8.4:::::::*
	cpe:2.3:a:moodle:moodle:1.8.5:::::::*
	cpe:2.3:a:moodle:moodle:1.8.6:::::::*
	cpe:2.3:a:moodle:moodle:1.8.7:::::::*
	cpe:2.3:a:moodle:moodle:1.8.8:::::::*
	cpe:2.3:a:moodle:moodle:1.8.9:::::::*
	cpe:2.3:a:moodle:moodle:1.8.10:::::::*
	cpe:2.3:a:moodle:moodle:1.8.11:::::::*

Configuration 2 (hide)

OR	cpe:2.3:a:moodle:moodle:1.9.1:::::::*
	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
	cpe:2.3:a:moodle:moodle:1.9.7:::::::*
	cpe:2.3:a:moodle:moodle:1.9.8:::::::*

History

21 Nov 2024, 01:16

Type	Values Removed	Values Added
References	~~() http://docs.moodle.org/en/Moodle_1.8.13_release_notes -~~	() http://docs.moodle.org/en/Moodle_1.8.13_release_notes -
References	~~() http://docs.moodle.org/en/Moodle_1.9.9_release_notes -~~	() http://docs.moodle.org/en/Moodle_1.9.9_release_notes -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html -
References	~~() http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html -~~	() http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html -
References	~~() http://moodle.org/mod/forum/discuss.php?d=152366 - Vendor Advisory~~	() http://moodle.org/mod/forum/discuss.php?d=152366 - Vendor Advisory
References	~~() http://secunia.com/advisories/40248 - Vendor Advisory~~	() http://secunia.com/advisories/40248 - Vendor Advisory
References	~~() http://secunia.com/advisories/40352 - Vendor Advisory~~	() http://secunia.com/advisories/40352 - Vendor Advisory
References	~~() http://tracker.moodle.org/browse/MDL-22040 -~~	() http://tracker.moodle.org/browse/MDL-22040 -
References	~~() http://www.openwall.com/lists/oss-security/2010/06/21/2 -~~	() http://www.openwall.com/lists/oss-security/2010/06/21/2 -
References	~~() http://www.vupen.com/english/advisories/2010/1530 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2010/1530 - Vendor Advisory
References	~~() http://www.vupen.com/english/advisories/2010/1571 - Vendor Advisory~~	() http://www.vupen.com/english/advisories/2010/1571 - Vendor Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=605809 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=605809 -

Information

Published : 2010-06-28 17:30

Updated : 2024-11-21 01:16

NVD link : CVE-2010-2228

Mitre link : CVE-2010-2228

CVE.ORG link : CVE-2010-2228

JSON object : View

Products Affected

moodle

moodle

CWE

CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

4.3 /10