Vulnerabilities > CVE-2004-0725 - Unspecified vulnerability in Moodle

CVSS 6.8 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

moodle

nessus

exploit available

NVD

Published: 2004-07-27

Updated: 2020-12-01

Summary

Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 and 1.4 dev allows remote attackers to inject arbitrary web script or HTML via the file parameter.

Vulnerable Configurations

Part	Description	Count
Application	Moodle Moodle Moodle 1.1.1 Moodle Moodle 1.2.0 Moodle Moodle 1.2.1 Moodle Moodle 1.3.0 Moodle Moodle 1.3.1 Moodle Moodle 1.3.2	6

Exploit-Db

description	Moodle Help Script 1.x Cross Site Scripting Vulnerability. CVE-2004-0725. Webapps exploit for php platform
id	EDB-ID:24279
last seen	2016-02-02
modified	2004-07-13
published	2004-07-13
reporter	morpheus[bd]
source	https://www.exploit-db.com/download/24279/
title	Moodle Help Script 1.x - Cross-Site Scripting Vulnerability

Nessus

NASL family	CGI abuses : XSS
NASL id	MOODLE_UNKNOWN_VULN.NASL
description	The version of Moodle running on the remote host is affected by a cross-site scripting vulnerability. Input to the
last seen	2020-06-01
modified	2020-06-02
plugin id	13843
published	2004-07-26
reporter	This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/13843
title	Moodle < 1.3.3 'help.php' 'file' Parameter XSS

Summary

Vulnerable Configurations

Exploit-Db

Nessus

References