CVE-2009-0502 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2009-0502 Interim 1 5 2023-12-09T02:05:58Z current 2021-05-30T12:45:49Z 2023-12-09T02:05:58Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2009-0502 Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5/#NOZXT5CRBFF3XA2BV65LMEOU4RCEEGD5 E-Mail link for SUSE-SR:2009:007 https://www.suse.com/support/security/rating/ SUSE Security Ratings Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject arbitrary web script or HTML via an HTML block, which is not properly handled when the "Login as" feature is used to visit a MyMoodle or Blog page. CVE-2009-0502 moderate 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N