VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 11, 2008· Updated Apr 23, 2026

CVE-2008-5432

CVE-2008-5432

Description

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Cross-site scripting in Moodle Wiki page titles allows remote attackers to inject arbitrary web script or HTML.

Vulnerability

A cross-site scripting (XSS) vulnerability exists in Moodle's Wiki module where page names (titles) are not sanitized before being output. This affects Moodle versions before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 [1]. The flaw occurs when a wiki page name containing malicious script is displayed to users.

Exploitation

An attacker with the ability to create or edit wiki pages can craft a page title containing arbitrary HTML or JavaScript. When other users view the wiki page or a listing that includes the page name, the injected script executes in their browser. No additional authentication is required beyond the privileges needed to create wiki pages.

Impact

Successful exploitation allows the attacker to execute arbitrary web script or HTML in the context of the victim's browser. This can lead to session hijacking, credential theft, defacement, or other malicious actions performed on behalf of the victim user.

Mitigation

The vulnerability is fixed in Moodle versions 1.6.8, 1.7.6, 1.8.7, and 1.9.3 [1]. Users should upgrade to these or later versions. No workarounds are documented in the available references.

References
  1. security - CVE request: moodle (XSS)

AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

41
  • Moodle/Moodle41 versions
    cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*+ 40 more
    • cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*range: <=1.6.7
    • cpe:2.3:a:moodle:moodle:1.1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.3.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.4.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.4.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.4.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.6.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.6.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.6.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.7.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.7.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.7.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.7.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.7.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.2:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.3:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.4:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.5:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.8.6:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.0:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.1:*:*:*:*:*:*:*
    • cpe:2.3:a:moodle:moodle:1.9.2:*:*:*:*:*:*:*
    • (no CPE)range: <=1.6.7, <=1.7.5, <=1.8.6, <=1.9.2

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

9

News mentions

0

No linked articles in our index yet.