Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusTenable8708.PRM
HistoryApr 20, 2015 - 12:00 a.m.

Moodle 2.0.x < 2.0.2 Multiple Vulnerabilities

2015-04-2000:00:00
Tenable
www.tenable.com
4
JSON

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.x prior to 2.0.2 are potentially affected by multiple vulnerabilities :

  • A cross-site scripting (XSS) vulnerability exists in the script ‘/tag/tag_autocomplete.php’ due to lack of input validation. (MSA-11-0003 / CVE-2011-4278)

  • An information disclosure flaw exists because it does not use the ‘forceloginforprofiles’ setting by default for course-profiles access control, which makes it easier for remote attackers to obtain potentially sensitive information via vectors involving use of a search engine such as Google. (MSA-11-0004 / CVE-2011-4279)

  • A cross-site scripting (XSS) vulnerability affects the Spike PHPCoverage library in Moodle. (MSA-11-0005 / CVE-2011-4280)

  • Multiple cross-site request forgery (CSRF) vulnerabilities exist due to poor access control in course completion. This could allow a malicious attacker to arbitrarily mark the course as completed or active. (MSA-11-0006 / CVE-2011-4281)

  • Multiple cross-site scripting (XSS) vulnerabilities exist in the course-tags functionality. Specifically, this affects the script ‘tag/coursetags_more.php’ when using the parameters ‘sort’ or ‘show’. (MSA-11-0007 / CVE-2011-4282)

  • An information disclosure flaw exists in the IMS enterprise enrollment file when placed in the course files area. Specifically, this affects the ‘imsenterprise-enrol.xml’ file. (MSA-11-0008 / CVE-2011-4283)

  • An information disclosure vulnerability affects the ‘MyProfile’ page. This could allow a remote attacker to obtain sensitive information by visiting the ‘user-context’ page. (MSA-11-0009 / CVE-2011-4284)

  • A security-bypass vulnerability affects the default Moodle configuration which could allow any authenticated user to delete arbitrary courses by leveraging the teacher role. (MSA-11-0010 / CVE-2011-4285)

  • Multiple cross-site scripting (XSS) vulnerabilities exist in the media-filter implementation. Specifically, this affects the ‘filter/mediaplugin/filter.php’ script. A remote attacker could inject arbitrary HTML or scripts via vectors involving Flash Video (FLV) and YouTube videos. (MSA-11-0011 / CVE-2011-4286)

Binary data 8708.prm
VendorProductVersionCPE
moodlemoodlecpe:/a:moodle:moodle

Related

nessus 1
openvas 3
prion 9
ubuntucve 9
cve 9
github 3
osv 3
nessus
nessus
Moodle 1.9.x < 1.9.11 Multiple Vulnerabilities
2015-04-20 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-2262-1)
2011-08-03 00:00:00
Debian Security Advisory DSA 2262-1 (moodle)
2011-08-03 00:00:00
Debian: Security Advisory (DSA-2262-1)
2011-08-03 00:00:00
prion
prion
Cross site request forgery (csrf)
2012-07-16 10:28:00
Design/Logic Flaw
2012-07-16 10:28:00
Cross site scripting
2012-07-16 10:28:00
ubuntucve
ubuntucve
CVE-2011-4281
2012-07-16 00:00:00
CVE-2011-4280
2012-07-16 00:00:00
CVE-2011-4282
2012-07-16 00:00:00
cve
cve
CVE-2011-4281
2012-07-16 10:28:00
CVE-2011-4280
2012-07-16 10:28:00
CVE-2011-4279
2012-07-16 10:28:00
github
github
Moodle XSS In Tag Autocomplete functionality
2022-05-13 01:13:09
Moodle vulnerable to XSS via bundled spikephpcoverage library
2022-05-13 01:13:17
Moodle Incorrect Default Settings
2022-05-13 01:13:17
osv
osv
Moodle vulnerable to XSS via bundled spikephpcoverage library
2022-05-13 01:13:17
Moodle XSS In Tag Autocomplete functionality
2022-05-13 01:13:09
Moodle Incorrect Default Settings
2022-05-13 01:13:17
JSON
Related for 8708.PRM
nessus1openvas3prion9ubuntucve9cve9github3osv3