Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-10T02:00:00

Updated: 2024-08-07T04:40:03.511Z

Reserved: 2009-02-09T00:00:00

Link: CVE-2009-0502

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2009-02-10T02:30:00.563

Modified: 2024-11-21T01:00:03.647

Link: CVE-2009-0502

cve-icon Redhat

Severity : Moderate

Publid Date: 2009-02-04T00:00:00Z

Links: CVE-2009-0502 - Bugzilla