This script is Copyright (C) 2004-2012 Tenable Network Security, Inc.
The remote web server is hosting a PHP application that is affected by
a cross-site scripting vulnerability.
The version of Moodle on the remote host contains a flaw that allows a
remote cross-site scripting attack because the application does not
validate the 'reply' variable on submission to the 'post.php'
This could allow a user to create a specially crafted URL that would
execute arbitrary code in a user's browser within the trust
relationship between the browser and the server, leading to a loss of
See also :
Upgrade to Moodle 1.4 or newer.
Risk factor :
Medium / CVSS Base Score : 4.3
CVSS Temporal Score : 3.7
Public Exploit Available : true