Summary
The version of Moodle on the remote host contains a flaw that allows a remote cross-site scripting (XSS) attack, because the application does not validate the 'reply' variable when it is submitted to the 'post.php' script.
This could allow a user to create a specially crafted URL that would execute arbitrary code in another user's browser, within the trust relationship between the browser and the server, leading to a loss of integrity.
Solution
Upgrade to Moodle 1.4 or newer.
Severity
Classification
- CVE: CVE-2004-1711
- CVSS Base Score: 4.3
- CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Related Vulnerabilities
- Apache Solr XML External Entity(XXE) Vulnerability-01 Jan-14
- Apache Tomcat cal2.jsp Cross Site Scripting Vulnerability
- Apache Struts CookBook/Examples Multiple Cross-Site Scripting Vulnerabilities
- AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities
- Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability