CVE-2008-3326

N/A Unknown

Published: July 25, 2008 Modified: April 23, 2026

Description

Cross-site scripting (XSS) vulnerability in blog/edit.php in Moodle 1.6.x before 1.6.7 and 1.7.x before 1.7.5 allows remote attackers to inject arbitrary web script or HTML via the etitle parameter (blog entry title).

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html

Source: cve@mitre.org

http://moodle.org/mod/forum/discuss.php?d=101401

Source: cve@mitre.org

http://secunia.com/advisories/31196

Source: cve@mitre.org

http://secunia.com/advisories/31339

Source: cve@mitre.org

http://www.debian.org/security/2008/dsa-1691

Source: cve@mitre.org

http://www.procheckup.com/Vulnerability_PR08-13.php

Source: cve@mitre.org

Exploit

http://www.securityfocus.com/archive/1/494656/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/30348

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43961

Source: cve@mitre.org

https://www.exploit-db.com/exploits/6653

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2008-08/msg00001.html