Moodle < 1.8.13 / 1.9.x < 1.9.9 Multiple Vulnerabilities

High

Synopsis

The remote web server is hosting a web application that is vulnerable to multiple attack vectors.

Description

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle prior to 1.8.13 or 1.9.9 are potentially affected by multiple vulnerabilities:

- A persistent cross-site scripting vulnerability in the MNET access control interface. (MSA-10-0010)

- A cross-site scripting vulnerability in 'blog/index.php'. (MSA-10-0011)

- The KSES text cleaning filter may allow registered users to launch persistent cross-site scripting attacks. (MSA-10-012)

- A potential cross-site request forgery vulnerability exists in Quiz reports. (MSA-10-013)

Solution

Upgrade to Moodle version 1.8.13, 1.9.9, or later.