Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2009-0502

Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.

Related bugs and status

CVE-2009-0502 (Candidate) is related to these bugs:

Bug #322961: merge moodle 1.8.2.dfsg-3

Summary				In	Importance	Status
	322961	merge moodle 1.8.2.dfsg-3		moodle (Ubuntu)	High	Fix Released
	322961	merge moodle 1.8.2.dfsg-3		moodle (Ubuntu Jaunty)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2009020...
CONFIRM: http://moodle.org/secu...
SUSE: SUSE-SR:2009:007
SECUNIA: 34418
DEBIAN: DSA-1724
SECUNIA: 33955