Lucene search

MitreCVE-2014-9059

HistoryNov 24, 2014 - 11:59 a.m.

CVE-2014-9059

2014-11-2411:59:14

CWE-79

mitre

web.nvd.nist.gov

cve-2014-9059

moodle

xss

http headers

security

nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.7

Confidence

High

EPSS

0.003

Percentile

71.9%

JSON

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

Affected configurations

Nvd

Node

moodlemoodleRange≤2.4.11

moodlemoodleMatch2.5.0

moodlemoodleMatch2.5.1

moodlemoodleMatch2.5.2

moodlemoodleMatch2.5.3

moodlemoodleMatch2.5.4

moodlemoodleMatch2.5.5

moodlemoodleMatch2.5.6

moodlemoodleMatch2.5.7

moodlemoodleMatch2.5.8

moodlemoodleMatch2.6.0

moodlemoodleMatch2.6.1

moodlemoodleMatch2.6.2

moodlemoodleMatch2.6.3

moodlemoodleMatch2.6.4

moodlemoodleMatch2.6.5

moodlemoodleMatch2.7.0

moodlemoodleMatch2.7.1

moodlemoodleMatch2.7.2

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*
moodlemoodle2.5.0cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
moodlemoodle2.5.1cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
moodlemoodle2.5.2cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
moodlemoodle2.5.3cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
moodlemoodle2.5.4cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
moodlemoodle2.5.5cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
moodlemoodle2.5.6cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
moodlemoodle2.5.7cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*
moodlemoodle2.5.8cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::
moodle	moodle	2.5.0	cpe:2.3:a:moodle:moodle:2.5.0:::::::*
moodle	moodle	2.5.1	cpe:2.3:a:moodle:moodle:2.5.1:::::::*
moodle	moodle	2.5.2	cpe:2.3:a:moodle:moodle:2.5.2:::::::*
moodle	moodle	2.5.3	cpe:2.3:a:moodle:moodle:2.5.3:::::::*
moodle	moodle	2.5.4	cpe:2.3:a:moodle:moodle:2.5.4:::::::*
moodle	moodle	2.5.5	cpe:2.3:a:moodle:moodle:2.5.5:::::::*
moodle	moodle	2.5.6	cpe:2.3:a:moodle:moodle:2.5.6:::::::*
moodle	moodle	2.5.7	cpe:2.3:a:moodle:moodle:2.5.7:::::::*
moodle	moodle	2.5.8	cpe:2.3:a:moodle:moodle:2.5.8:::::::*