lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2014-11-24T11:00:00

Updated: 2024-08-06T13:33:13.509Z

Reserved: 2014-11-24T00:00:00

Link: CVE-2014-9059

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2014-11-24T11:59:14.183

Modified: 2020-12-01T14:54:45.183

Link: CVE-2014-9059

cve-icon Redhat

No data.