mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
185 lines
6.5 KiB
JSON
185 lines
6.5 KiB
JSON
{
|
|
"id": "CVE-2010-1619",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2010-04-29T21:30:00.853",
|
|
"lastModified": "2024-11-21T01:14:49.410",
|
|
"vulnStatus": "Modified",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "Cross-site scripting (XSS) vulnerability in the fix_non_standard_entities function in the KSES HTML text cleaning library (weblib.php), as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8, allows remote attackers to inject arbitrary web script or HTML via crafted HTML entities."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en la funci\u00f3n fix_non_standard_entities en la biblioteca de limpieza de texto KSES HTML (weblib.php), utilizado en Moodle v1.8.x antes de v1.8.12 y v1.9.x antes de v1.9.8, permite a atacantes remotos la ejecuci\u00f3n de secuencias de comandos web o HTML a trav\u00e9s de entidades HTML manipuladas."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV2": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"cvssData": {
|
|
"version": "2.0",
|
|
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
|
|
"baseScore": 4.3,
|
|
"accessVector": "NETWORK",
|
|
"accessComplexity": "MEDIUM",
|
|
"authentication": "NONE",
|
|
"confidentialityImpact": "NONE",
|
|
"integrityImpact": "PARTIAL",
|
|
"availabilityImpact": "NONE"
|
|
},
|
|
"baseSeverity": "MEDIUM",
|
|
"exploitabilityScore": 8.6,
|
|
"impactScore": 2.9,
|
|
"acInsufInfo": false,
|
|
"obtainAllPrivilege": false,
|
|
"obtainUserPrivilege": false,
|
|
"obtainOtherPrivilege": false,
|
|
"userInteractionRequired": false
|
|
}
|
|
]
|
|
},
|
|
"weaknesses": [
|
|
{
|
|
"source": "nvd@nist.gov",
|
|
"type": "Primary",
|
|
"description": [
|
|
{
|
|
"lang": "en",
|
|
"value": "CWE-79"
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"configurations": [
|
|
{
|
|
"nodes": [
|
|
{
|
|
"operator": "OR",
|
|
"negate": false,
|
|
"cpeMatch": [
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "492A28FE-A2F8-4FF7-AC5B-0C3F5508506D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "28A897CA-3D8F-4575-BBD2-1C0C5A2ECC99"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A4A3A5D9-D96E-46B3-AC22-25045564EB96"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "AF91F8EA-1737-4E11-9931-ACAFB4BC0018"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "1E81E148-5710-439C-8A1A-884D27640AAD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "A3B70465-F734-4C65-9790-0D83D03B7A16"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DE2C0217-A25A-4D0A-8CC6-64DEBC9E198F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.8:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "7949FC50-81B9-44AD-BB1B-91D025B34FF6"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.9:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "83AA5D08-CF62-45A8-A8FE-18F76BA8ECA5"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.10:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "2C61F076-71AC-4AEF-BECF-9EF0B05CEB77"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.8.11:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "18A3C2C4-A1FE-422C-81DB-9E46035106FD"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "24F2602B-8ED3-4026-A9A4-31BE8BDC7724"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456"
|
|
},
|
|
{
|
|
"vulnerable": true,
|
|
"criteria": "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*",
|
|
"matchCriteriaId": "0EB5859E-0996-46B5-BB44-34BD6EACBCF5"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
}
|
|
],
|
|
"references": [
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://moodle.org/security/",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2010/1107",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://moodle.org/security/",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
},
|
|
{
|
|
"url": "http://www.vupen.com/english/advisories/2010/1107",
|
|
"source": "af854a3a-2127-422b-91ae-364da2661108"
|
|
}
|
|
]
|
|
} |