Vulnerabilities > CVE-2006-4784 - Unspecified vulnerability in Moodle

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

moodle

nessus

NVD

Published: 2006-09-14

Updated: 2024-11-21

Summary

Multiple cross-site scripting (XSS) vulnerabilities in Moodle 1.6.1 and earlier might allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) doc/index.php or (2) files/index.php.

Vulnerable Configurations

Part	Description	Count
Application	Moodle Moodle Moodle - Moodle Moodle 1.1.1 Moodle Moodle 1.2 Moodle Moodle 1.2.0 Moodle Moodle 1.2.1 Moodle Moodle 1.3 Moodle Moodle 1.3.0 Moodle Moodle 1.3.1 Moodle Moodle 1.3.2 Moodle Moodle 1.3.3 Moodle Moodle 1.3.4 Moodle Moodle 1.3.5 Moodle Moodle 1.4.0 Moodle Moodle 1.4.1 Moodle Moodle 1.4.2 Moodle Moodle 1.4.3 Moodle Moodle 1.4.4 Moodle Moodle 1.4.5 Moodle Moodle 1.5 Moodle Moodle 1.5.0 Moodle Moodle 1.5.1 Moodle Moodle 1.5.2 Moodle Moodle 1.5.3 Moodle Moodle 1.5.4 Moodle Moodle 1.6 Moodle Moodle 1.6.0 Moodle Moodle 1.6.1	30

Nessus

NASL family	CGI abuses
NASL id	MOODLE_162.NASL
description	The installed version of Moodle fails to sanitize user-supplied input to a number of parameters and scripts. An attacker can leverage these issues to launch SQL injection and cross-site scripting attacks against the affected application.
last seen	2020-06-01
modified	2020-06-02
plugin id	22364
published	2006-09-15
reporter	This script is Copyright (C) 2006-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/22364
title	Moodle < 1.6.2 Multiple Vulnerabilities

Summary

Vulnerable Configurations

Nessus

References