Family: CGI abuses : XSS --> Category: infos
Moodle post.php XSS Vulnerability Scan
Vulnerability Scan Summary: Ascertains if Moodle is vulnerable to post.php XSS
Detailed Explanation for this Vulnerability Test
The version of Moodle on the remote host contains a flaw that allows a
remote cross-site scripting attack because the application does not
validate the 'reply' variable upon submission to the 'post.php'
script.
This could allow a user to create a specially crafted URL that would execute
arbitrary code in a user's browser within the trust relationship between the
browser and the server, leading to a loss of integrity.
Solution : Upgrade to Moodle 1.4 or newer.
Threat Level: Medium