moodle: cross-site scripting
| Package(s): | moodle | CVE #(s): | CVE-2010-4207 CVE-2010-4208 CVE-2010-4209 | ||||||||||||||||||||||||
| Created: | November 12, 2010 | Updated: | November 17, 2010 | ||||||||||||||||||||||||
| Description: | From the openSUSE advisory:
CVE-2010-4207: Cross-site scripting vulnerability in the Flash component infrastructure in YUI allows remote attackers to inject arbitrary web script or HTML via charts/assets/charts.swf. CVE-2010-4208: Cross-site scripting vulnerability in the Flash component infrastructure in YUI allows remote attackers to inject arbitrary web script or HTML via uploader/assets/uploader.swf. CVE-2010-4209: Cross-site scripting vulnerability in the Flash component infrastructure in YUI allows remote attackers to inject arbitrary web script or HTML via swfstore/swfstore.swf. | ||||||||||||||||||||||||||
| Alerts: |
| ||||||||||||||||||||||||||