Description
Moodle cross-site scripting (XSS) vulnerability
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-3178
- https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
- https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
- https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
- https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
- https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
- https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
- https://moodle.org/mod/forum/discuss.php?d=313685
- https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726
- https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
- http://openwall.com/lists/oss-security/2015/05/18/1
Packages
- moodle/moodle: affected < 2.6.11, fixed in 2.6.11
- moodle/moodle: affected >= 2.7.0, < 2.7.8, fixed in 2.7.8
- moodle/moodle: affected >= 2.8.0, < 2.8.6, fixed in 2.8.6
Related vulnerabilities
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
Vulnerability in the Moodle learning management system that allows an attacker to inject arbitrary web script or HTML code