mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-07-29 05:56:17 +00:00
189 lines
6.4 KiB
JSON
189 lines
6.4 KiB
JSON
{
|
|
"id": "CVE-2012-2364",
|
|
"sourceIdentifier": "secalert@redhat.com",
|
|
"published": "2012-07-21T03:38:56.377",
|
|
"lastModified": "2023-02-13T04:33:29.637",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to inject arbitrary web script or HTML via an assignment submission with zip compression, leading to text/html rendering during a \"download all\" action."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en lib/filelib.php en Moodle v2.0.x antgeriores a v2.0.9, v2.1.x anteriores v2.1.6, y v2.2.x anteriores a v2.2.3 permite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un asignaci\u00f3n de presentaci\u00f3n con compresi\u00f3n ZIP, que conduce a un dibujo de un fichero text/html durante una acci\u00f3n \"download all\"."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "SINGLE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 3.5
|
|
},
|
|
"baseSeverity": "LOW",
|
|
"exploitabilityScore": 6.8,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": true
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DD248A1D-CACC-4E76-925A-078B736442AE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "9B8A0403-0869-495F-B7C0-13A387549C7A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "39791F43-CF89-485B-AA8B-634C282BB025"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "428E4846-8C9E-4592-8437-88FCDCED704D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A4096977-3258-48B0-9C7B-D43FBC8BB1EA"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "448E5353-CD0E-407C-84F4-5E6D014A28FE"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D57A08BD-67FA-4899-96BD-C84896321E51"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2D1221DB-8DD0-4DB6-AAF8-BE80C7B4F58F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.0.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "481F0F56-7FF1-4B40-B231-A39B66353646"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.1.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18C6F348-DAE9-4440-8B3A-8D92ADC6606F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.1.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "367537BF-CBDF-4CBB-91B4-6E5A567EF605"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.1.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DABBF325-C48A-4838-AC5D-0565C78976CD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.1.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "02B72177-DFB0-4242-9ED6-068E5751579B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.1.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7226EE65-CC9F-4FDA-9791-3C8047D5C04C"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.1.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "FDC55ECE-8185-4FC0-A4C9-14AABD136650"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.2.0:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "15A73CE2-73DA-4274-89E0-DD9A413ED17F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.2.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "39075F6E-2925-4897-B1DE-C86A066DF54B"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:2.2.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "179DBC2B-B35F-4A19-B522-DF996D5E13E4"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20",
|
|
"source": "secalert@redhat.com"
|
|
},
|
|
{
|
|
"url": "http://openwall.com/lists/oss-security/2012/05/23/2",
|
|
"source": "secalert@redhat.com"
|
|
}
|
|
]
|
|
} |