Summary
The version of Moodle on the remote host contains a flaw that allows a remote cross site scripting attack because the application does not validate the 'reply' variable upon submission to the 'post.php' script.
This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution
Upgrade to Moodle 1.4 or newer.
Severity
Classification
-
CVE CVE-2004-1711 -
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Andy's PHP Knowledgebase Multiple Cross-Site Scripting Vulnerabilities
- 123 Flash Chat Multiple Security Vulnerabilities
- APC PowerChute Network Shutdown HTTP Response Splitting Vulnerability
- Apache ActiveMQ 'admin/queueBrowse' Cross Site Scripting Vulnerability
- AN Guestbook Local File Inclusion Vulnerability