| VID |
21300 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
Moodle is vulnerable to cross-site scripting (XSS) through the 'help.php' script. Moodle is an open-source PHP-based course management system (CMS) for Microsoft Windows, Unix, and Linux-based platforms. In Moodle versions prior to 1.3, a remote attacker could craft a URL that passes embedded HTML or JavaScript to the help.php script, as in the following:
http://[target.host]/help.php?text=%3Cscript%3Efoo%3C/script%3E
Once the link is clicked, the embedded code is executed in the user's web browser within the security context of the hosting site. Using this vulnerability, a remote attacker could steal cookie-based authentication credentials. Other attacks are also possible.
* References: http://archives.neohapsis.com/archives/bugtraq/2004-04/0357.html
* Platforms Affected: Moodle 1.1.1, Moodle 1.2, Moodle 1.2.1 (any operating system, any version) |
| Recommendation |
Upgrade to the latest version of Moodle (1.3 or later) from the Moodle download site: http://moodle.org/mod/resource/view.php?id=8
As a workaround, the following third-party patch has been provided by Bartek Nowotarski. Note that it has not been verified by Symantec or the vendor. In version 1.2 of the 'help.php' script at line 75, replace the text 'echo "$text";' with 'echo clean_text($text);' |
| Related URL |
CVE-2004-1978 (CVE) |
| Related URL |
10251 (SecurityFocus) |
| Related URL |
16023 (ISS) |
|
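
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory: it scans web server access logs for help.php requests whose `text` parameter carries HTML markup after percent-decoding. The log format (Common/Combined Log Format), the sample lines and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Request line inside a Common/Combined Log Format entry: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# An HTML tag opener or an inline event handler in the decoded parameter value
MARKUP_RE = re.compile(r'<\s*/?\s*[a-z!]|\bon\w+\s*=', re.IGNORECASE)


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded markup (%253C) is also seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_help_requests(log_lines):
    """Return (line_number, decoded_text) for help.php hits with markup in 'text'."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a parseable request line
        target = urlsplit(match.group("target"))
        if not target.path.lower().endswith("/help.php"):
            continue
        # parse_qs already performs the first round of percent-decoding
        for value in parse_qs(target.query, keep_blank_values=True).get("text", []):
            decoded = decode_fully(value)
            if MARKUP_RE.search(decoded):
                hits.append((number, decoded))
    return hits


# Constructed sample access-log lines (not taken from a real server)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/May/2004:10:00:00 +0000] "GET /help.php?module=moodle&file=index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/May/2004:10:00:05 +0000] "GET /help.php?text=%3Cscript%3Efoo%3C/script%3E HTTP/1.1" 200 340',
    '192.0.2.12 - - [01/May/2004:10:00:09 +0000] "GET /moodle/help.php?text=%253Cscript%253Efoo HTTP/1.1" 200 330',
    '192.0.2.13 - - [01/May/2004:10:00:12 +0000] "GET /help.php?text=Plain+help+text HTTP/1.1" 200 300',
    '192.0.2.14 - - [01/May/2004:10:00:20 +0000] "GET /index.php?text=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, text in suspicious_help_requests(SAMPLE_LOG):
        print(f"line {number}: text={text!r}")
```

A hit shows that markup was sent to help.php, not that it was reflected; whether the response echoed it depends on the installed Moodle version.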