Lucene search

MitreCVE-2004-1978

HistoryMay 10, 2005 - 4:00 a.m.

CVE-2004-1978

2005-05-1004:00:00

mitre

web.nvd.nist.gov

cve-2004-1978

cross-site scripting

xss vulnerability

moodle

help.php

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

Cross-site scripting (XSS) vulnerability in help.php in Moodle before 1.3 allows remote attackers to inject arbitrary HTML and web script via the text parameter.

Affected configurations

Nvd

Node

moodlemoodleMatch1.1.1

moodlemoodleMatch1.2.0

moodlemoodleMatch1.2.1

VendorProductVersionCPE
moodlemoodle1.1.1cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
moodlemoodle1.2.0cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
moodlemoodle1.2.1cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	1.1.1	cpe:2.3:a:moodle:moodle:1.1.1:::::::*
moodle	moodle	1.2.0	cpe:2.3:a:moodle:moodle:1.2.0:::::::*
moodle	moodle	1.2.1	cpe:2.3:a:moodle:moodle:1.2.1:::::::*

References

marc.info/?l=bugtraq&m=108335043825605&w=2

secunia.com/advisories/11535

securitytracker.com/id?1010008

www.osvdb.org/5747

www.securityfocus.com/bid/10251

exchange.xforce.ibmcloud.com/vulnerabilities/16023

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.8

Confidence

High

EPSS

0.006

Percentile

79.0%

JSON

Related for CVE-2004-1978