GHSA-3gm8-32vv-q8mp

Suggest an improvement
Source
https://github.com/advisories/GHSA-3gm8-32vv-q8mp
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-3gm8-32vv-q8mp/GHSA-3gm8-32vv-q8mp.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-3gm8-32vv-q8mp
Aliases
  • CVE-2010-2230
Published
2022-05-13T01:13:04Z
Modified
2024-02-07T23:12:30.800761Z
Summary
Moodle Cross-site Scripting vulnerability in the KSES text cleaning filter
Details

The KSES text cleaning filter in lib/weblib.php in Moodle before 1.8.13 and 1.9.x before 1.9.9 does not properly handle vbscript URIs, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via HTML input.

References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1.8.13

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.9.0
Fixed
1.9.9