Summary
This host is running Moodle CMS and is prone to Multiple Vulnerabilities.
Impact
Successful exploitation will allow remote attackers to cause Cross Site Scripting attacks, can gain sensitive information about the user or the remote host or can delete unauthorised posts through injecting malicious web scripts.
Impact level: System/Application
Solution
Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4 http://moodle.org/downloads
Insight
Multiple flaws are due to
- Vulnerability in post.php for IMG tag which allows unauthorised access to user's posts.
- XSS Vulnerability in course/lib.php which allows injection of arbitrary web scripts or malicious HTML codes while displaying the log report in browser due to lack of sanitization.
- Unspecified vulnerability in the Calendar export feature which causes conducting brute force attacks.
- XSS Vulnerability in blocks/html/block_html.php which allows injection of arbitracy scripts of malformed HTML codes injection.
Affected
Moodle version from 1.6 prior to 1.6.9,
Moodle version from 1.7 prior to 1.7.7,
Moodle version from 1.8 prior to 1.8.8 and
Moodle version from 1.9 prior to 1.9.4 on all platforms.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2009-0499, CVE-2009-0500, CVE-2009-0501, CVE-2009-0502 -
CVSS Base Score: 6.4
AV:N/AC:L/Au:N/C:N/I:P/A:P
Related Vulnerabilities
- Adobe ColdFusion Multiple Cross Site Scripting Vulnerabilities
- Adiscon LogAnalyzer 'highlight' Parameter Cross Site Scripting Vulnerability
- Alt-N WebAdmin Remote Source Code Information Disclosure Vulnerability
- Aker Secure Mail Gateway Cross-Site Scripting Vulnerability
- Apache ActiveMQ Persistent Cross-Site Scripting Vulnerability