Lucene search

K
nessusTenable8709.PRM
HistoryApr 20, 2015 - 12:00 a.m.

Moodle 1.9.x < 1.9.12 Multiple Vulnerabilities

2015-04-2000:00:00
Tenable
www.tenable.com
6

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

56.9%

The remote web server hosts Moodle, an open-source course management system. Versions of Moodle prior to 1.9.12 are potentially affected by multiple vulnerabilities :

  • A security bypass flaw exists in Group/Quiz permissions that could allow a teacher assigned to a particular group to access quiz reports for students in other groups. (MSA-11-0013 / CVE-2011-4288)

  • A vulnerability assessment performed by a third party has revealed multiple cross-site scripting (XSS) vulnerabilities. Specifically, these affect URL encoding within the script β€˜lib/weblib.php’. (MSA-11-0015 / CVE-2011-4290)

Binary data 8709.prm
VendorProductVersionCPE
moodlemoodlecpe:/a:moodle:moodle

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

56.9%