CVE-2010-1619 — Cross-site Scripting in Moodle

CWE-79 — Cross-site Scripting6 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 51.19%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Debian Wordpress

Timeline

PublishedApr 29

Latest updateMay 13

Description

Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶Packagistmoodle/moodle1.8.0 — 1.8.12+1

▶NVDmoodle/moodle18 versions+17

▶debiandebian/wordpress

🔴Vulnerability Details

OSV

Moodle vulnerable to Cross-site Scripting↗2022-05-13

▶

GHSA

Moodle vulnerable to Cross-site Scripting↗2022-05-13

▶

📋Vendor Advisories

Red Hat

Moodle: Multiple security fixes in 1.8.12 upstream release↗2010-03-27

▶

Debian

CVE-2010-1619: wordpress - Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities functi...↗2010

▶

💬Community

Bugzilla

CVE-2010-1613 CVE-2010-1614 CVE-2010-1615 CVE-2010-1616 CVE-2010-1617 CVE-2010-1618 CVE-2010-1619 Moodle: Multiple security fixes in 1.8.12 upstream release↗2010-04-01

▶