Description
Moodle does not set the RISK_XSS bit for graders
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
References
- https://nvd.nist.gov/vuln/detail/CVE-2015-0216
- https://github.com/moodle/moodle/commit/b9c86823c70a1cba20bca1c4b5b032ee1559e22d
- https://github.com/moodle/moodle/commit/c80603ddc4ba4e7d85ea2b79f644a4a041cee137
- https://moodle.org/mod/forum/discuss.php?d=278616
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034
- http://openwall.com/lists/oss-security/2015/01/19/1
Packages
moodle/moodle: affected >= 2.8.0, < 2.8.2; fixed in 2.8.2
Related vulnerabilities
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.
access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not ...
A vulnerability in the Moodle learning management system that allows an attacker to conduct cross-site scripting