CVE-2008-3326

{"id": "CVE-2008-3326", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.6, "accessVector": "NETWORK", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "HIGH", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 4.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-07-25T16:41:00.000", "references": [{"url": "http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html", "source": "cve@mitre.org"}, {"url": "http://moodle.org/mod/forum/discuss.php?d=101401", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31196", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31339", "source": "cve@mitre.org"}, {"url": "http://www.debian.org/security/2008/dsa-1691", "source": "cve@mitre.org"}, {"url": "http://www.procheckup.com/Vulnerability_PR08-13.php", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/494656/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30348", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43961", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6653", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-79"}]}], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title)."}, {"lang": "es", "value": "Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en blog/edit.php en Moodle 1.6.x anterior a 1.6.7 y 1.7.x anterior a 1.7.5, permite a atacantes remotos inyectar secuencias de comandos Web o HTML de su elecci\u00f3n mediante el par\u00e1metro etitle (t\u00edtulo de la entrada del blog - blog entry title)."}], "lastModified": "2020-12-01T14:43:44.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "680CE396-5F61-409C-A152-4D1E1CB44EA3"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6A0F31A-BB19-4B2C-A2CD-1DFA5FDF1C72"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98CA6482-0B84-463D-9C81-A92FFC06C9FA"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0794B997-0793-4465-B9BA-5BFF254D600A"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06F4A1D8-65C5-4EDA-BCEC-CD267DE5C4B3"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AB2A20C9-5FEF-4D91-AFA0-B49672CC8B37"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCFEA024-4CA7-4975-802C-1BB9C099C164"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB16198E-A32D-4CFA-9CCE-65871596E6AC"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ABFE9D24-24DB-49EA-B59E-AF9B47D46EB4"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "56551145-5213-4165-88C9-C351DACDD1C6"}, {"criteria": "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A589727E-92BB-40DA-8172-89279EB9B73C"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}