Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j6c3-3c4w-qv8p

Опубликовано: 13 мая 2022
Источник: github
Github: Прошло ревью

Описание

Moodle cross-site scripting (XSS) vulnerabilities

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

Ссылки

Пакеты

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

< 2.4.9

2.4.9

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 2.5.0, < 2.5.5

2.5.5

Наименование

moodle/moodle

composer
Затронутые версииВерсия исправления

>= 2.6.0, < 2.6.2

2.6.2

Наименование

typo3/cms

composer
Затронутые версииВерсия исправления

>= 6.2.0, < 6.2.14

6.2.14

Наименование

typo3/cms

composer
Затронутые версииВерсия исправления

>= 7.0.0, < 7.3.1

7.3.1

EPSS

Процентиль: 50%
0.00273
Низкий

CVE ID

CVE-2013-7341

Дефекты

CWE-79

Связанные уязвимости

ubuntu логотип

CVE-2013-7341

ubuntu
почти 12 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

nvd логотип

CVE-2013-7341

nvd
почти 12 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

debian логотип

CVE-2013-7341

debian
почти 12 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flas ...

EPSS

Процентиль: 50%
0.00273
Низкий

CVE ID

CVE-2013-7341

Дефекты

CWE-79