CVE-2008-3326 | SynScan

Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2008-3326

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

Published: Jul 25, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-3326
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
moodle / moodle	1.6.1	1.6.1.x
moodle / moodle	1.6.5	1.6.5.x
moodle / moodle	1.6.2	1.6.2.x
moodle / moodle	1.7.1	1.7.1.x
moodle / moodle	1.6.4	1.6.4.x
moodle / moodle	1.7.3	1.7.3.x
moodle / moodle	1.7.2	1.7.2.x
moodle / moodle	1.6.3	1.6.3.x
moodle / moodle	1.6.6	1.6.6.x
moodle / moodle	1.7.4	1.7.4.x
moodle / moodle	1.6.0	1.6.0.x