openSUSE 10 Security Update : moodle (moodle-4964)
Medium Nessus Plugin ID 30181
SynopsisThe remote openSUSE host is missing a security update.
DescriptionThe install script of moodle is vulnerable to cross site scripting (XSS). This flaw is only exploitable if moodle isn't fully installed yet. Therefore it's unlikely to be much of a problem in practice. To actually exploit it an attacker would have to know about a person that is just about to install moodle (CVE-2008-0123).
SolutionUpdate the affected moodle packages.