Описание
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | not-affected | |
| devel | not-affected | 1.9.9.dfsg2-2 |
| hardy | ignored | end of life |
| jaunty | ignored | end of life |
| karmic | ignored | end of life |
| lucid | ignored | end of life |
| maverick | ignored | end of life |
| natty | not-affected | 1.9.9.dfsg2-2 |
| oneiric | not-affected | 1.9.9.dfsg2-2 |
| precise | not-affected | 1.9.9.dfsg2-2 |
Показывать по
Ссылки на источники
4 Medium
CVSS2
Связанные уязвимости
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.
The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.1 ...
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
4 Medium
CVSS2