Vulnerabilities > Moodle > Moodle > 1.7.5

DATE CVE VULNERABILITY TITLE RISK
2009-02-10 CVE-2009-0500 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
network
moodle CWE-79
4.3
4.3
2009-02-10 CVE-2009-0499 Cross-Site Request Forgery (CSRF) vulnerability in Moodle
Cross-site request forgery (CSRF) vulnerability in the forum code in Moodle 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to delete unauthorized forum posts via a link or IMG tag to post.php.
network
low complexity
moodle CWE-352
6.4
6.4
2008-12-11 CVE-2008-5432 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
network
moodle CWE-79
4.3
4.3
2008-03-25 CVE-2008-1502 Cross-Site Scripting vulnerability in multiple products
The _bad_protocol_once function in phpgwapi/inc/class.kses.inc.php in KSES, as used in eGroupWare before 1.4.003, Moodle before 1.8.5, and other products, allows remote attackers to bypass HTML filtering and conduct cross-site scripting (XSS) attacks via a string containing crafted URL protocols. 		4.3
4.3
2008-01-12 CVE-2008-0123 Cross-Site Scripting vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter.
network
moodle CWE-79
4.3
4.3