CVE-2009-0502 (retired)

Priority
Description
Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in
Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8
before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject
arbitrary web script or HTML via an HTML block, which is not properly
handled when the "Login as" feature is used to visit a MyMoodle or Blog
page.
Package
Upstream:released (1.9.4)
More Information

Updated: 2019-03-26 11:47:07 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)