CVE-2012-2362 - Vulnerability Details - OpenCVE

Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Moodle	Moodle

Configuration 1 [-]

OR	cpe:2.3:a:moodle:moodle:1.9.1:::::::*
	cpe:2.3:a:moodle:moodle:1.9.2:::::::*
	cpe:2.3:a:moodle:moodle:1.9.3:::::::*
	cpe:2.3:a:moodle:moodle:1.9.4:::::::*
	cpe:2.3:a:moodle:moodle:1.9.5:::::::*
	cpe:2.3:a:moodle:moodle:1.9.6:::::::*
	cpe:2.3:a:moodle:moodle:1.9.7:::::::*
	cpe:2.3:a:moodle:moodle:1.9.8:::::::*
	cpe:2.3:a:moodle:moodle:1.9.9:::::::*
	cpe:2.3:a:moodle:moodle:1.9.10:::::::*
	cpe:2.3:a:moodle:moodle:1.9.11:::::::*
	cpe:2.3:a:moodle:moodle:1.9.12:::::::*
	cpe:2.3:a:moodle:moodle:1.9.13:::::::*
	cpe:2.3:a:moodle:moodle:1.9.14:::::::*
	cpe:2.3:a:moodle:moodle:1.9.15:::::::*
	cpe:2.3:a:moodle:moodle:1.9.16:::::::*
	cpe:2.3:a:moodle:moodle:1.9.17:::::::*

No data.

References

Link	Providers
http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=038131c8b5614f18c14d964dc53b6960ae6c30d8
http://openwall.com/lists/oss-security/2012/05/23/2
http://osvdb.org/82069
https://moodle.org/mod/forum/discuss.php?d=203052

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-07-21T01:00:00

Updated: 2024-08-06T19:34:25.468Z

Reserved: 2012-04-19T00:00:00

Link: CVE-2012-2362

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2012-07-21T03:38:56.237

Modified: 2025-04-11T00:51:21.963

Link: CVE-2012-2362

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2012-05-23T00:00:00", "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2012-07-25T09:00:00", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "82069", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/82069"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://moodle.org/mod/forum/discuss.php?d=203052"}, {"name": "[oss-security] 20120523 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://openwall.com/lists/oss-security/2012/05/23/2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=038131c8b5614f18c14d964dc53b6960ae6c30d8"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T19:34:25.468Z"}, "title": "CVE Program Container", "references": [{"name": "82069", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/82069"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://moodle.org/mod/forum/discuss.php?d=203052"}, {"name": "[oss-security] 20120523 Moodle security notifications public", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://openwall.com/lists/oss-security/2012/05/23/2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=038131c8b5614f18c14d964dc53b6960ae6c30d8"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2012-2362", "datePublished": "2012-07-21T01:00:00", "dateReserved": "2012-04-19T00:00:00", "dateUpdated": "2024-08-06T19:34:25.468Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*", "matchCriteriaId": "24F2602B-8ED3-4026-A9A4-31BE8BDC7724", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*", "matchCriteriaId": "D7F24649-B67F-4809-9F54-7B623AEF5A4A", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.3:*:*:*:*:*:*:*", "matchCriteriaId": "6B81655E-C3B5-4115-A4C4-B7AC2FCDAB7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.4:*:*:*:*:*:*:*", "matchCriteriaId": "ED9C3840-66BE-47EC-9F0C-E9D2171FF0B2", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.5:*:*:*:*:*:*:*", "matchCriteriaId": "DBD062EB-1B1F-4DC8-A4F9-C2EC7D401E9D", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.6:*:*:*:*:*:*:*", "matchCriteriaId": "291F73E9-1059-4E7F-860F-0DF2A35AA456", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.7:*:*:*:*:*:*:*", "matchCriteriaId": "0EB5859E-0996-46B5-BB44-34BD6EACBCF5", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.8:*:*:*:*:*:*:*", "matchCriteriaId": "F87F6707-99AB-478A-909D-1D87298D5514", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.9:*:*:*:*:*:*:*", "matchCriteriaId": "4BCE8B26-58BB-471C-B291-E6AE22B96C5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.10:*:*:*:*:*:*:*", "matchCriteriaId": "768CE5AF-955B-4148-998A-A46BBDBA618B", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.11:*:*:*:*:*:*:*", "matchCriteriaId": "4283440F-9B21-4CE9-81FF-79DF3DEDCEE7", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.12:*:*:*:*:*:*:*", "matchCriteriaId": "A989FADA-89C3-472B-86BF-0630D1CBBCA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.13:*:*:*:*:*:*:*", "matchCriteriaId": "4FAF84CB-46F1-4F37-BBAC-1CED0600B5B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.14:*:*:*:*:*:*:*", "matchCriteriaId": "8FCA633D-E6CA-4D38-937B-9F83179CDAEA", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.15:*:*:*:*:*:*:*", "matchCriteriaId": "8004AA63-BD38-40A6-9505-2C9C19DC0CB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.16:*:*:*:*:*:*:*", "matchCriteriaId": "FF6B0210-CD17-49AC-976E-4A8BF3A56CAE", "vulnerable": true}, {"criteria": "cpe:2.3:a:moodle:moodle:1.9.17:*:*:*:*:*:*:*", "matchCriteriaId": "559DE693-868A-49E2-A8AE-A5282FBEBDCF", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Cross-site scripting (XSS) vulnerability in blog/lib.php in the blog implementation in Moodle 1.9.x before 1.9.18, when Internet Explorer is used, allows remote attackers to inject arbitrary web script or HTML via a crafted parameter to blog/index.php."}, {"lang": "es", "value": "Vulnerabilidad de ejecuci\u00f3n de secuencias de comandos en sitios cruzados (XSS) en blog/lib.php en la implementaci\u00f3n del blog en Moodle v1.9.x anteriores a v1.9.18 \r\npermite a atacantes remotos inyectar secuencias de comandos web o HTML a trav\u00e9s de un par\u00e1metro manipuolado sobre blog/index.php."}], "id": "CVE-2012-2362", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2012-07-21T03:38:56.237", "references": [{"source": "secalert@redhat.com", "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=038131c8b5614f18c14d964dc53b6960ae6c30d8"}, {"source": "secalert@redhat.com", "url": "http://openwall.com/lists/oss-security/2012/05/23/2"}, {"source": "secalert@redhat.com", "url": "http://osvdb.org/82069"}, {"source": "secalert@redhat.com", "url": "https://moodle.org/mod/forum/discuss.php?d=203052"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=038131c8b5614f18c14d964dc53b6960ae6c30d8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://openwall.com/lists/oss-security/2012/05/23/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/82069"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://moodle.org/mod/forum/discuss.php?d=203052"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}]}