SNS Vulnerability

Moodle Cross Site Scripting and Request Forgery Vulnerabilities

Description

Multiple vulnerabilities have been identified in Moodle, which could be exploited by attackers or malicious users to disclose sensitive information or manipulate certain data. These issues are caused by input validation errors in the MNET access control interface, blog index page, KSES text cleaning filter and Quiz reports, which could be exploited to gain knowledge of sensitive information or to conduct cross-site request forgery attacks.

Vulnerable Products

Vulnerable Software:
Moodle versions prior to 1.8.13Moodle versions prior to 1.9.9

Solution

Upgrade to Moodle version 1.8.13 or 1.9.9 : http://moodle.org/downloads/

CVE

CVE-2010-2231
CVE-2010-2230
CVE-2010-2229
CVE-2010-2228

References

http://moodle.org/security/
http://tracker.moodle.org/browse/MDL-22040
http://tracker.moodle.org/browse/MDL-22631
http://tracker.moodle.org/browse/MDL-22042
http://tracker.moodle.org/browse/MDL-21688

Vulnerability Manager Detection

IPS Protection

ASQ Engine alarm	Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious tag with event found in data	3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL	3.2.0
XSS - Prevention - POST : suspicious 'object' tag found in data	3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'applet' tag found in data	3.2.0
XSS - Prevention - POST : 'location' javascript object found in data	3.2.0
XSS - Phishing : suspicious 'div' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL	3.2.0
XSS - Prevention - POST : javascript code found in data	3.2.0
XSS - Prevention - POST : suspicious 'iframe' tag found in data	3.2.0
XSS - Prevention - POST : code allowing cookie access found in data	3.2.0
XSS - Phishing : suspicious 'a' tag found in URL	3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL	3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL	3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL	3.2.0
XSS - Phishing : suspicious 'form' tag found in URL	3.2.0
XSS - Prevention - POST : suspicious 'embed' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' tag found in data	3.2.0
XSS - Prevention - GET : javascript code found in URL	3.2.0
XSS - Prevention - POST : suspicious 'div' tag found in data	3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL	3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL	3.2.0
XSS - Phishing : suspicious 'link' tag found in URL	3.2.0
XSS - Prevention - GET : 'script' tag found in URL	3.2.0
XSS - Prevention - POST : 'script' tag found in data	3.2.0
XSS - Prevention - POST : suspicious 'style' attribute found in data	3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL	3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL	3.2.0

Risk level

Moderate

Vulnerability First Public Report Date

2010-06-21

Target Type

Client

Possible exploit

Local & Remote