Moodle < 1.8.13 / 1.9.x < 1.9.9 Multiple Vulnerabilities

High

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle prior to 1.8.13, and 1.9.x versions prior to 1.9.9, are potentially affected by multiple vulnerabilities:

- A persistent cross-site scripting vulnerability in the MNET access control interface. (MSA-10-0010)

- A cross-site scripting vulnerability in 'blog/index.php'. (MSA-10-0011)

- The KSES text cleaning filter may allow registered users to launch persistent cross-site scripting attacks. (MSA-10-012)

- A potential cross-site request forgery vulnerability exists in Quiz reports. (MSA-10-013)

Solution

Upgrade to Moodle version 1.8.13, 1.9.9, or later.