Moodle 'etitle' Parameter HTML Injection Vulnerability
BID:30348
Info
Moodle 'etitle' Parameter HTML Injection Vulnerability
| Bugtraq ID: | 30348 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3326 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2008 12:00AM |
| Updated: | Dec 30 2008 05:51PM |
| Credit: | Adrian Pastor and Amir Azam of ProCheckUp Ltd. |
| Vulnerable: |
S.u.S.E. openSUSE 11.0 S.u.S.E. openSUSE 10.3 S.u.S.E. openSUSE 10.2 Moodle moodle 1.7.5 Moodle moodle 1.7.4 Moodle moodle 1.7.3 Moodle moodle 1.7.2 Moodle moodle 1.7.1 Moodle moodle 1.6.6 Moodle moodle 1.6.5 Moodle moodle 1.6.4 Moodle moodle 1.6.3 Moodle moodle 1.6.2 Moodle moodle 1.6.1 Moodle moodle 1.6 Moodle moodle 1.7 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 |
| Not Vulnerable: |
Moodle moodle 1.6.7 |
Discussion
Moodle 'etitle' Parameter HTML Injection Vulnerability
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Moodle is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content.
Attacker-supplied HTML and script code would run in the context of the affected browser, potentially allowing the attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user. Other attacks are also possible.
Exploit / POC
Moodle 'etitle' Parameter HTML Injection Vulnerability
Attackers can use a browser to exploit this issue.
Attackers can use a browser to exploit this issue.
Solution / Fix
Moodle 'etitle' Parameter HTML Injection Vulnerability
Solution:
The vendor has released updates. Please see the references for more information.
Debian Linux 4.0 amd64
Debian Linux 4.0 ia-32
Debian Linux 4.0 arm
Debian Linux 4.0 hppa
Debian Linux 4.0 sparc
Debian Linux 4.0 s/390
Debian Linux 4.0 powerpc
Debian Linux 4.0 alpha
Debian Linux 4.0 m68k
Debian Linux 4.0
Debian Linux 4.0 mipsel
Debian Linux 4.0 ia-64
Debian Linux 4.0 mips
Moodle moodle 1.6.2
Moodle moodle 1.6.3
Moodle moodle 1.6.4
Moodle moodle 1.6.5
Moodle moodle 1.6.6
Moodle moodle 1.7.1
Moodle moodle 1.7.2
Moodle moodle 1.7.3
Moodle moodle 1.7.4
Solution:
The vendor has released updates. Please see the references for more information.
Debian Linux 4.0 amd64
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 ia-32
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 arm
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 hppa
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 sparc
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 s/390
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 powerpc
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 alpha
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 m68k
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 mipsel
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 ia-64
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Debian Linux 4.0 mips
-
Debian moodle_1.6.3-2+etch1_all.deb
http://security.debian.org/pool/updates/main/m/moodle/moodle_1.6.3-2+e tch1_all.deb
Moodle moodle 1.6.2
-
Moodle moodle-1.6.7.tgz
http://download.moodle.org/download.php/stable16/moodle-1.6.7.tgz
Moodle moodle 1.6.3
-
Moodle moodle-1.6.7.tgz
http://download.moodle.org/download.php/stable16/moodle-1.6.7.tgz
Moodle moodle 1.6.4
-
Moodle moodle-1.6.7.tgz
http://download.moodle.org/download.php/stable16/moodle-1.6.7.tgz
Moodle moodle 1.6.5
-
Moodle moodle-1.6.7.tgz
http://download.moodle.org/download.php/stable16/moodle-1.6.7.tgz
Moodle moodle 1.6.6
-
Moodle moodle-1.6.7.tgz
http://download.moodle.org/download.php/stable16/moodle-1.6.7.tgz
Moodle moodle 1.7.1
-
Moodle Moodle_1.7.5.tgz
http://download.moodle.org/download.php/stable17/moodle-weekly-17.tgz
Moodle moodle 1.7.2
-
Moodle Moodle_1.7.5.tgz
http://download.moodle.org/download.php/stable17/moodle-weekly-17.tgz
Moodle moodle 1.7.3
-
Moodle Moodle_1.7.5.tgz
http://download.moodle.org/download.php/stable17/moodle-weekly-17.tgz
Moodle moodle 1.7.4
-
Moodle Moodle_1.7.5.tgz
http://download.moodle.org/download.php/stable17/moodle-weekly-17.tgz
References
Moodle 'etitle' Parameter HTML Injection Vulnerability
References:
References:
- Moodle Homepage (Moodle)
- PR08-13: Persistent Cross-site Scripting (XSS) on Moodle via blog (ProCheckUp Research
- MSA-08-0009: Persistent Cross-site Scripting (XSS) on blog entry title parameter (Moodle)