Moodle 1.9.x < 1.9.12 Multiple Vulnerabilities
Medium Nessus Network Monitor Plugin ID 8709
SynopsisThe remote web server is hosting a web application that is vulnerable to multiple attack vectors.
DescriptionThe remote web server hosts Moodle, an open-source course management system. Versions of Moodle prior to 1.9.12 are potentially affected by multiple vulnerabilities :
- A security bypass flaw exists in Group/Quiz permissions that could allow a teacher assigned to a particular group to access quiz reports for students in other groups. (MSA-11-0013 / CVE-2011-4288)
- A vulnerability assessment performed by a third party has revealed multiple cross-site scripting (XSS) vulnerabilities. Specifically, these affect URL encoding within the script 'lib/weblib.php'. (MSA-11-0015 / CVE-2011-4290)
SolutionUpgrade to Moodle version 1.9.12 or later.