Upstream information

CVE-2010-2228 at MITRE

Description

Cross-site scripting (XSS) vulnerability in the MNET access-control interface in Moodle before 1.8.13 and 1.9.x before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via vectors involving extended characters in a username.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 4.3
Vector AV:N/AC:M/Au:N/C:N/I:P/A:N
Access Vector Network
Access Complexity Medium
Authentication None
Confidentiality Impact None
Integrity Impact Partial
Availability Impact None
SUSE Bugzilla entry: 616186 [CLOSED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • moodle-debuginfo >= 1.9.9-0.1
openSUSE 11.0
  • moodle >= 1.9.9-0.1
  • moodle-af >= 1.9.9-0.1
  • moodle-ar >= 1.9.9-0.1
  • moodle-be >= 1.9.9-0.1
  • moodle-bg >= 1.9.9-0.1
  • moodle-bs >= 1.9.9-0.1
  • moodle-ca >= 1.9.9-0.1
  • moodle-cs >= 1.9.9-0.1
  • moodle-da >= 1.9.9-0.1
  • moodle-de >= 1.9.9-0.1
  • moodle-de_du >= 1.9.9-0.1
  • moodle-el >= 1.9.9-0.1
  • moodle-es >= 1.9.9-0.1
  • moodle-et >= 1.9.9-0.1
  • moodle-eu >= 1.9.9-0.1
  • moodle-fa >= 1.9.9-0.1
  • moodle-fi >= 1.9.9-0.1
  • moodle-fr >= 1.9.9-0.1
  • moodle-ga >= 1.9.9-0.1
  • moodle-gl >= 1.9.9-0.1
  • moodle-he >= 1.9.9-0.1
  • moodle-hi >= 1.9.9-0.1
  • moodle-hr >= 1.9.9-0.1
  • moodle-hu >= 1.9.9-0.1
  • moodle-id >= 1.9.9-0.1
  • moodle-is >= 1.9.9-0.1
  • moodle-it >= 1.9.9-0.1
  • moodle-ja >= 1.9.9-0.1
  • moodle-ka >= 1.9.9-0.1
  • moodle-km >= 1.9.9-0.1
  • moodle-kn >= 1.9.9-0.1
  • moodle-ko >= 1.9.9-0.1
  • moodle-lt >= 1.9.9-0.1
  • moodle-lv >= 1.9.9-0.1
  • moodle-mi_tn >= 1.9.9-0.1
  • moodle-ms >= 1.9.9-0.1
  • moodle-nl >= 1.9.9-0.1
  • moodle-nn >= 1.9.9-0.1
  • moodle-no >= 1.9.9-0.1
  • moodle-pl >= 1.9.9-0.1
  • moodle-pt >= 1.9.9-0.1
  • moodle-ro >= 1.9.9-0.1
  • moodle-ru >= 1.9.9-0.1
  • moodle-sk >= 1.9.9-0.1
  • moodle-sl >= 1.9.9-0.1
  • moodle-so >= 1.9.9-0.1
  • moodle-sq >= 1.9.9-0.1
  • moodle-sr >= 1.9.9-0.1
  • moodle-sv >= 1.9.9-0.1
  • moodle-th >= 1.9.9-0.1
  • moodle-tl >= 1.9.9-0.1
  • moodle-tr >= 1.9.9-0.1
  • moodle-uk >= 1.9.9-0.1
  • moodle-vi >= 1.9.9-0.1
  • moodle-zh_cn >= 1.9.9-0.1
openSUSE 11.1
  • moodle-debuginfo >= 1.9.9-0.1.1
openSUSE 11.1
  • moodle >= 1.9.9-0.1.1
  • moodle-af >= 1.9.9-0.1.1
  • moodle-ar >= 1.9.9-0.1.1
  • moodle-be >= 1.9.9-0.1.1
  • moodle-bg >= 1.9.9-0.1.1
  • moodle-bs >= 1.9.9-0.1.1
  • moodle-ca >= 1.9.9-0.1.1
  • moodle-cs >= 1.9.9-0.1.1
  • moodle-da >= 1.9.9-0.1.1
  • moodle-de >= 1.9.9-0.1.1
  • moodle-de_du >= 1.9.9-0.1.1
  • moodle-el >= 1.9.9-0.1.1
  • moodle-es >= 1.9.9-0.1.1
  • moodle-et >= 1.9.9-0.1.1
  • moodle-eu >= 1.9.9-0.1.1
  • moodle-fa >= 1.9.9-0.1.1
  • moodle-fi >= 1.9.9-0.1.1
  • moodle-fr >= 1.9.9-0.1.1
  • moodle-ga >= 1.9.9-0.1.1
  • moodle-gl >= 1.9.9-0.1.1
  • moodle-he >= 1.9.9-0.1.1
  • moodle-hi >= 1.9.9-0.1.1
  • moodle-hr >= 1.9.9-0.1.1
  • moodle-hu >= 1.9.9-0.1.1
  • moodle-id >= 1.9.9-0.1.1
  • moodle-is >= 1.9.9-0.1.1
  • moodle-it >= 1.9.9-0.1.1
  • moodle-ja >= 1.9.9-0.1.1
  • moodle-ka >= 1.9.9-0.1.1
  • moodle-km >= 1.9.9-0.1.1
  • moodle-kn >= 1.9.9-0.1.1
  • moodle-ko >= 1.9.9-0.1.1
  • moodle-lt >= 1.9.9-0.1.1
  • moodle-lv >= 1.9.9-0.1.1
  • moodle-mi_tn >= 1.9.9-0.1.1
  • moodle-ms >= 1.9.9-0.1.1
  • moodle-nl >= 1.9.9-0.1.1
  • moodle-nn >= 1.9.9-0.1.1
  • moodle-no >= 1.9.9-0.1.1
  • moodle-pl >= 1.9.9-0.1.1
  • moodle-pt >= 1.9.9-0.1.1
  • moodle-ro >= 1.9.9-0.1.1
  • moodle-ru >= 1.9.9-0.1.1
  • moodle-sk >= 1.9.9-0.1.1
  • moodle-sl >= 1.9.9-0.1.1
  • moodle-so >= 1.9.9-0.1.1
  • moodle-sq >= 1.9.9-0.1.1
  • moodle-sr >= 1.9.9-0.1.1
  • moodle-sv >= 1.9.9-0.1.1
  • moodle-th >= 1.9.9-0.1.1
  • moodle-tl >= 1.9.9-0.1.1
  • moodle-tr >= 1.9.9-0.1.1
  • moodle-uk >= 1.9.9-0.1.1
  • moodle-vi >= 1.9.9-0.1.1
  • moodle-zh_cn >= 1.9.9-0.1.1