Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2014-9059

Date: November 24, 2014

lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.

Language: PHP

Severity Score

Related Resources (14)

https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a
https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133
http://www.securityfocus.com/bid/71133
https://moodle.org/mod/forum/discuss.php?d=275146
https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
http://www.securitytracker.com/id/1031215
https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6
https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0
https://nvd.nist.gov/vuln/detail/CVE-2014-9059
https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42
https://github.com/moodle/moodle
http://openwall.com/lists/oss-security/2014/11/17/11
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
https://www.mend.io/vulnerability-database/CVE-2014-9059

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): NONE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us