CVE-2009-0500

NameCVE-2009-0500
DescriptionCross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-1724-1, DTSA-195-1
NVD severitymedium

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
moodlesourceetch1.6.3-2+etch2DSA-1724-1
moodlesourcelenny1.8.2.dfsg-3+lenny1DTSA-195-1
moodlesource(unstable)1.8.2.dfsg-3low

Search for package or bug name: Reporting problems