Описание
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | ignored | end of life |
| devel | not-affected | XSS is stripped at input |
| feisty | ignored | end of life, was needed |
| gutsy | not-affected | XSS is stripped at input |
| hardy | not-affected | XSS is stripped at input |
| intrepid | not-affected | XSS is stripped at input |
| jaunty | not-affected | XSS is stripped at input |
| karmic | not-affected | XSS is stripped at input |
| upstream | released | 1.7.5 |
Показывать по
Ссылки на источники
EPSS
2.6 Low
CVSS2
Связанные уязвимости
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1. ...
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
EPSS
2.6 Low
CVSS2