Description

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.

Remediation

References

CVE-2009-0502

Related Vulnerabilities

MySQL CVE-2020-14553 Vulnerability (CVE-2020-14553)

Oracle Database Server CVE-2006-1877 Vulnerability (CVE-2006-1877)

WordPress Plugin My Category Order Cross-Site Scripting (4.3)

IBM WebSEAL Use of a Broken or Risky Cryptographic Algorithm Vulnerability (CVE-2019-4156)

WordPress Plugin Nextend Google Connect Cross-Site Scripting (1.5.0)

Severity

Medium

Classification

CVE-2009-0502 CWE-707

Tags

Missing Update Known Vulnerabilities