IntraLearn 2.1 Multiple Vulnerabilities

http://www.intralearn.com/

1) Cross-site Scripting (XSS)

    URL                              Variables
    /library/description_link.cfm    outline, course
    /library/courses_catalog.cfm     records_to_display, the_start

2) Login Information Cached In Memory

The login POST request for IntraLearn returns a 200 OK HTTP response code. As long as the browser window is not closed, it is possible for someone to use the browser's "Back" button until the page after the login page is reached. At this point, the browser will prompt the user to re-post the data to the server. This data, the username and password, is pulled from memory and resubmitted to the server. The user will then be authenticated to the IntraLearn application.

3) IntraLearn Physical Path Disclosure

Several pages of the IntraLearn web application disclose the physical path of the software installation. A direct request to one of the following pages causes the application to return an error message that discloses the information.

    /help/1/Instructor/Knowledge_Impact_Course.htm
    /help/1/Instructor/LRN-formatted_Course.htm
    /help/1/Instructor/Create_Course.htm

Timeline

    2008-02-17 support@intralearn.com contacted
    2008-02-21 reply from P.D. @intralearn received; 2.1 is outdated, up to 4.2.3 or 5.1 (soon) to fix
    2008-03-15 disclosed

Jericho
attrition.org
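For item 2, the sketch below is an added example (not IntraLearn code and not part of the original advisory) that puts a login handler answering the POST with 200 OK beside one that uses Post/Redirect/Get, so the page reached with "Back" is a plain GET rather than the credential-bearing POST. The form field names, the /home path, the cookie name and the account are assumptions constructed for the illustration.

```python
import hmac, secrets
from io import BytesIO
from urllib.parse import parse_qs, urlencode
from wsgiref.util import setup_testing_defaults

USERS = {"student": "constructed-password"}   # constructed sample account
SESSIONS = {}                                  # session token -> username

def _credentials_ok(environ):
    size = int(environ.get("CONTENT_LENGTH") or 0)
    form = parse_qs(environ["wsgi.input"].read(size).decode())
    user = form.get("username", [""])[0]
    password = form.get("password", [""])[0]
    ok = user in USERS and hmac.compare_digest(USERS[user].encode(), password.encode())
    return user if ok else None

def login_renders_page(environ, start_response):
    # Pattern from the advisory: the POST itself returns 200 and the landing
    # page, so that history entry is the credential-bearing POST.
    user = _credentials_ok(environ)
    status = "200 OK" if user else "401 Unauthorized"
    start_response(status, [("Content-Type", "text/html")])
    return [b"<h1>Welcome</h1>" if user else b"Login failed"]

def login_redirects(environ, start_response):
    # Post/Redirect/Get: success answers 303, so the landing page is a GET
    # that carries only a session cookie, never the password.
    user = _credentials_ok(environ)
    if not user:
        start_response("401 Unauthorized", [("Content-Type", "text/html")])
        return [b"Login failed"]
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = user
    start_response("303 See Other", [
        ("Location", "/home"),
        ("Set-Cookie", f"session={token}; HttpOnly; Secure; SameSite=Lax"),
        ("Cache-Control", "no-store")])
    return [b""]

def post_login(app, username, password):
    # Drive a handler in-process with a form-encoded POST; returns status and headers.
    body = urlencode({"username": username, "password": password}).encode()
    environ = {"REQUEST_METHOD": "POST", "CONTENT_LENGTH": str(len(body)),
               "CONTENT_TYPE": "application/x-www-form-urlencoded",
               "wsgi.input": BytesIO(body)}
    setup_testing_defaults(environ)
    seen = {}
    def start_response(status, headers, exc_info=None):
        seen.update(status=status, headers=dict(headers))
    b"".join(app(environ, start_response))
    return seen

def landing_page_reposts_credentials(response):
    # True when a successful login leaves the POST response in browser history.
    return response["status"].startswith("2")
```

The same check can be applied to a captured login response from any application: a 2xx status on the login POST means the post-login history entry can re-submit the username and password.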