Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2010-1614

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the Login-As feature or (2) when the global search feature is enabled, unspecified global search forms in the Global Search Engine. NOTE: vector 1 might be resultant from a cross-site request forgery (CSRF) vulnerability.

Published

2010-04-29T21:30:00.667

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:P/A:N

  • Access Vector: NETWORK
  • Access Complexity: MEDIUM
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: PARTIAL
  • Availability Impact: NONE
Exploitability Score

8.6

Impact Score

2.9

Weaknesses
  • Type: Primary
    CWE-79
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application moodle moodle 1.8.1 Yes
Application moodle moodle 1.8.2 Yes
Application moodle moodle 1.8.3 Yes
Application moodle moodle 1.8.4 Yes
Application moodle moodle 1.8.5 Yes
Application moodle moodle 1.8.6 Yes
Application moodle moodle 1.8.7 Yes
Application moodle moodle 1.8.8 Yes
Application moodle moodle 1.8.9 Yes
Application moodle moodle 1.8.10 Yes
Application moodle moodle 1.8.11 Yes
Application moodle moodle 1.9.1 Yes
Application moodle moodle 1.9.2 Yes
Application moodle moodle 1.9.3 Yes
Application moodle moodle 1.9.4 Yes
Application moodle moodle 1.9.5 Yes
Application moodle moodle 1.9.6 Yes
Application moodle moodle 1.9.7 Yes
References