CVE-2014-9059

Published: 24 Nov 2014
Source: debian
EPSS Low

Description

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| moodle | fixed | 2.7.5+dfsg-1 | | package |
| moodle | end-of-life | | squeeze | package |

Notes

  • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966

  • https://moodle.org/mod/forum/discuss.php?d=275146

EPSS

Percentile: 54%
0.0032
Low

Related vulnerabilities

ubuntu
almost 11 years ago

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

nvd
almost 11 years ago

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

github
more than 3 years ago

Moodle does not provide charset information in HTTP headers
