CVE-2010-2228

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2010-2228
Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://docs.moodle.org/en/Moodle_1.8.13_release_notes
http://docs.moodle.org/en/Moodle_1.9.9_release_notes
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://moodle.org/mod/forum/discuss.php?d=152366 Vendor Advisory
http://secunia.com/advisories/40248 Vendor Advisory
http://secunia.com/advisories/40352 Vendor Advisory
http://tracker.moodle.org/browse/MDL-22040
http://www.openwall.com/lists/oss-security/2010/06/21/2
http://www.vupen.com/english/advisories/2010/1530 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1571 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=605809
http://docs.moodle.org/en/Moodle_1.8.13_release_notes
http://docs.moodle.org/en/Moodle_1.9.9_release_notes
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
http://moodle.org/mod/forum/discuss.php?d=152366 Vendor Advisory
http://secunia.com/advisories/40248 Vendor Advisory
http://secunia.com/advisories/40352 Vendor Advisory
http://tracker.moodle.org/browse/MDL-22040
http://www.openwall.com/lists/oss-security/2010/06/21/2
http://www.vupen.com/english/advisories/2010/1530 Vendor Advisory
http://www.vupen.com/english/advisories/2010/1571 Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=605809
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.4.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.4.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.4.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.4.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.0:beta:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.6.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.7.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*
cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*
History

21 Nov 2024, 01:16

Type Values Removed Values Added
References () http://docs.moodle.org/en/Moodle_1.8.13_release_notes - () http://docs.moodle.org/en/Moodle_1.8.13_release_notes -
References () http://docs.moodle.org/en/Moodle_1.9.9_release_notes - () http://docs.moodle.org/en/Moodle_1.9.9_release_notes -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043285.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043291.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html - () http://lists.fedoraproject.org/pipermail/package-announce/2010-June/043340.html -
References () http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html - () http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html -
References () http://moodle.org/mod/forum/discuss.php?d=152366 - Vendor Advisory () http://moodle.org/mod/forum/discuss.php?d=152366 - Vendor Advisory
References () http://secunia.com/advisories/40248 - Vendor Advisory () http://secunia.com/advisories/40248 - Vendor Advisory
References () http://secunia.com/advisories/40352 - Vendor Advisory () http://secunia.com/advisories/40352 - Vendor Advisory
References () http://tracker.moodle.org/browse/MDL-22040 - () http://tracker.moodle.org/browse/MDL-22040 -
References () http://www.openwall.com/lists/oss-security/2010/06/21/2 - () http://www.openwall.com/lists/oss-security/2010/06/21/2 -
References () http://www.vupen.com/english/advisories/2010/1530 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1530 - Vendor Advisory
References () http://www.vupen.com/english/advisories/2010/1571 - Vendor Advisory () http://www.vupen.com/english/advisories/2010/1571 - Vendor Advisory
References () https://bugzilla.redhat.com/show_bug.cgi?id=605809 - () https://bugzilla.redhat.com/show_bug.cgi?id=605809 -
Information

Published : 2010-06-28 17:30

Updated : 2025-04-11 00:51

NVD link : CVE-2010-2228

Mitre link : CVE-2010-2228

CVE.ORG link : CVE-2010-2228

JSON object : View

Products Affected

moodle

  • moodle
CWE
CWE-79

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')