CVE-2008-3326

Published Jul 25, 2008

Last updated 4 years ago

Overview

Description: Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 2.6
Impact score: 2.9
Exploitability score: 4.9
Vector string: AV:N/AC:H/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-79

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "680CE396-5F61-409C-A152-4D1E1CB44EA3"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C6A0F31A-BB19-4B2C-A2CD-1DFA5FDF1C72"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "98CA6482-0B84-463D-9C81-A92FFC06C9FA"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0794B997-0793-4465-B9BA-5BFF254D600A"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06F4A1D8-65C5-4EDA-BCEC-CD267DE5C4B3"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AB2A20C9-5FEF-4D91-AFA0-B49672CC8B37"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCFEA024-4CA7-4975-802C-1BB9C099C164"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB16198E-A32D-4CFA-9CCE-65871596E6AC"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ABFE9D24-24DB-49EA-B59E-AF9B47D46EB4"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "56551145-5213-4165-88C9-C351DACDD1C6"
          },
          {
            "criteria": "cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A589727E-92BB-40DA-8172-89279EB9B73C"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References