| Package(s): | moodle |
| CVE #(s): | CVE-2013-4313, CVE-2013-4341 |
| Created: | September 19, 2013 |
| Updated: | September 25, 2013 |
| Description: |
From the CVE entries:
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injection attacks against Microsoft SQL Server via a crafted string. (CVE-2013-4313)
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed. (CVE-2013-4341) |
| Alerts: |