Vulnerabilities

CVE-2014-9059

by Fred · 24/11/2014

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

Date published : 2014-11-24

http://www.securityfocus.com/bid/71133

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966

Similar

Tags: Cybersecurity Alert