| Topic: | Vulnerability in Snoopy 1.2.3 |
| Severity: | Major |
| Versions affected: | < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 |
| Reported by: | The Rat |
| Issue no.: | MDL-17236, CVE-2009-0502 |
| Solution: | update to latest releases or weeklies http://cvs.moodle.org/moodle/blocks/html/config_instance.html?r1=1.6&r2=1.6.10.1 http://cvs.moodle.org/moodle/blocks/html/block_html.php?r1=1.8.22.6&r2=1.8.22.7 |
Description:
It was reported that there is a XSS vulnerability in HTML block, it can be exploited if teacher or administrator uses "Login as" and goes to MyMoodle or Blog page of that user.