CVSS: 4.3EPSS: 0%CPEs: 18EXPL: 2CVE-2013-4341 – Moodle 2.3.8/2.4.5 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2013-4341
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. Múltiples vulnerabilidades de XSS en Moodle de la versión 2.2.11, 2.3.x anterior a 2.3.9, 2.4.x anterior a 2.4.6, y 2.5.x anterior a 2.5.2, permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de un enlace al blog dentro de un feed RSS. • https://www.exploit-db.com/exploits/28174 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41623 http://packetstormsecurity.com/files/164479/Moodle-Authenticated-Spelling-Binary-Remote-Code-Execution.html https://moodle.org/mod/forum/discuss.php?d=238399 https://www.rapid7.com/blog/post/2013/10/30/seven-tricks-and-treats • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4939
https://notcve.org/view.php?id=CVE-2013-4939
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.0.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a través de una cadena en una URL. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability https://lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c%40%3Cissues.zookeeper.apache.org%3E https://lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e%40%3Cdev.zookeeper.apache.org%3E https://moodle.org/mod/forum/discuss.php?d=232496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4941
https://notcve.org/view.php?id=CVE-2013-4941
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. Vulnerabilidad de XSS en el uploader.swf en el componente Uploader en Yahoo! YUI 3.5.0 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a través de una cadena en una URL. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability https://moodle.org/mod/forum/discuss.php?d=232496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 4.0EPSS: 0%CPEs: 36EXPL: 0CVE-2013-2245
https://notcve.org/view.php?id=CVE-2013-2245
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which allows remote authenticated users to obtain sensitive block information by reading an RSS feed. rss/file.php en Moodle a la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, y 2.5.x anterior a 2.5.1 no implementa adecuadamente el uso de los tokens RSS para suplantación, lo que permite a usuarios autenticados remotamente obtener un bloque de información sensible a través del feed RSS. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37818 https://moodle.org/mod/forum/discuss.php?d=232502 • CWE-287: Improper Authentication •
CVSS: 4.3EPSS: 0%CPEs: 58EXPL: 0CVE-2013-4940
https://notcve.org/view.php?id=CVE-2013-4940
Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility component in Yahoo! YUI 3.10.2, as used in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x before 2.5.1, and other products, allows remote attackers to inject arbitrary web script or HTML via a crafted string in a URL. NOTE: this vulnerability exists because of a CVE-2013-4939 regression. Vulnerabilidad de XSS en el io.swf en el componente IO Utility en Yahoo! YUI 3.10.2 a la 3.9.1, utilizado en Moodle hasta la 2.1.10, 2.2.x anterior a 2.2.11, 2.3.x anterior a 2.3.8, 2.4.x anterior a 2.4.5, 2.5.x anterior a 2.5.1, y otros productos, permite a atacantes remotos inyectar secuencias de comandos web y HTML a través de una cadena en una URL. • http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678 http://yuilibrary.com/support/20130515-vulnerability https://moodle.org/mod/forum/discuss.php?d=232496 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •