Moodle is vulnerable to cross-site scripting (XSS) attacks. These attacks are possible through the io.swf
component of Yahoo! YUI used within Moodle.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 2.2.10 | |
moodle/moodle | le | 2.4.4 | |
moodle/moodle | le | 2.3.7 | |
moodle/moodle | le | 2.1.10 | |
moodle/moodle | le | 2.5.0 | |
yui3 | le | 3.9.1 | |
yui3 | le | 3.10.2 | |
yui | le | 3.9.1 | |
yui | le | 3.10.2 | |
yui | le | 3.10.2 |
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
yuilibrary.com/support/20130515-vulnerability/
lists.apache.org/thread.html/72837f969cdf9b63a7e7337edd069fa3b3950eea7c997cc2ff61aa0c@%3Cissues.zookeeper.apache.org%3E
lists.apache.org/thread.html/d8b9403dbab85a51255614949938b619bd03b1c944c76c48c6996a0e@%3Cdev.zookeeper.apache.org%3E
moodle.org/mod/forum/discuss.php?d=232496
yuilibrary.com/support/20130515-vulnerability/