Vulnerability Name:

CVE-2008-0123 (CCN-39630)

Assigned:2008-01-11
Published:2008-01-11
Updated:2018-10-15
Summary:Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter.
Note: this issue only exists until the installation is complete.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-79
Vulnerability Consequences:Gain Access
References:Source: CCN
Type: BugTraq Mailing List, Fri Jan 11 2008 - 17:51:55 CST
Cross site scripting (XSS) in Moodle 1.8.3

Source: FULLDISC
Type: Exploit
20080111 Cross site scripting (XSS) in Moodle 1.8.3

Source: MITRE
Type: CNA
CVE-2008-0123

Source: MISC
Type: Exploit
http://int21.de/cve/CVE-2008-0123-moodle.html

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:003

Source: CCN
Type: Moodle Web Site
Moodle

Source: SECUNIA
Type: UNKNOWN
28838

Source: CCN
Type: OSVDB ID: 42675
Moodle install.php dbname Parameter XSS

Source: BUGTRAQ
Type: UNKNOWN
20080111 Cross site scripting (XSS) in Moodle 1.8.3

Source: BID
Type: UNKNOWN
27259

Source: CCN
Type: BID-27259
Moodle 'install.php' Cross Site Scripting Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2008-0164

Source: XF
Type: UNKNOWN
moodle-install-xss(39630)

Source: XF
Type: UNKNOWN
moodle-install-xss(39630)

Source: SUSE
Type: SUSE-SR:2008:003
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:moodle:moodle:*:*:*:*:*:*:*:* (Version <= 1.8.3)

    • Configuration CCN 1:
  • cpe:/a:moodle:moodle:1.8.3:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20080123
    V
    		CVE-2008-0123
    2012-11-01
    BACK
    moodle moodle *
    moodle moodle 1.8.3