CVE-2013-7341
EPSS 0.26%Moodle cross-site scripting (XSS) vulnerabilities
發布日:2022/5/13修改日:2024/12/3
描述
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
受影響套件(2)
- Packagist/moodle/moodlefrom 0, < 2.4.9
- Packagist/typo3/cms>= 6.2.0, < 6.2.14
參考連結(13)
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2013-7341
- PATCHhttps://github.com/moodle/moodle
- WEBhttp://flash.flowplayer.org/documentation/version-history.html
- WEBhttp://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
- WEBhttp://openwall.com/lists/oss-security/2014/03/17/1
- WEBhttps://github.com/flowplayer/flash/issues/121
- WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml
- WEBhttps://github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9
- WEBhttps://github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791
- WEBhttps://github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066
- WEBhttps://github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a
- WEBhttps://moodle.org/mod/forum/discuss.php?d=256420
- WEBhttps://typo3.org/security/advisory/typo3-core-sa-2015-007