lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2014-11-24T11:00:00
Updated: 2024-08-06T13:33:13.509Z
Reserved: 2014-11-24T00:00:00
Link: CVE-2014-9059
NVD
Status: Modified
Published: 2014-11-24T11:59:14.183
Modified: 2024-11-21T02:20:10.857
Link: CVE-2014-9059