Vulnerabilities > Moodle > Moodle > 1.7.4

DATE CVE VULNERABILITY TITLE RISK
2009-02-10 CVE-2009-0502 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
network
snoopy moodle CWE-79
4.3
4.3
2009-02-10 CVE-2009-0500 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
network
moodle CWE-79
4.3
4.3
2009-02-10 CVE-2009-0499 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.
network
low complexity
moodle CWE-352
6.4
6.4
2008-12-11 CVE-2008-5432 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
network
moodle CWE-79
4.3
4.3
2008-07-25 CVE-2008-3326 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
network
high complexity
moodle CWE-79
2.6
2.6
2008-07-25 CVE-2008-3325 Cross-Site Request Forgery (CSRF) vulnerability in multiple products
Cross-site request forgery (CSRF) vulnerability in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to modify profile settings and gain privileges as other users via a link or IMG tag to the user edit profile page. 		6.0
6.0
2008-03-25 CVE-2008-1502 Cross-Site Scripting vulnerability in multiple products
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. 		4.3
4.3
2008-01-12 CVE-2008-0123 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter.
network
moodle CWE-79
4.3
4.3