Vulnerability Scanning Solutions, LLC.
What We Scan For
Family: CGI abuses : XSS --> Category: infos

Moodle post.php XSS Vulnerability Scan


Vulnerability Scan Summary
Ascertains whether Moodle is vulnerable to the post.php XSS flaw

Detailed Explanation for this Vulnerability Test


The version of Moodle on the remote host contains a flaw that allows a
remote cross-site scripting attack because the application does not
validate the 'reply' variable upon submission to the 'post.php'
script.

This could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship between the
browser and the server, leading to a loss of integrity.

Solution : Upgrade to Moodle 1.4 or newer.
Threat Level: Medium


VSS, LLC.

P.O. Box 827051

Pembroke Pines, FL 33082-7051
