PT-2016-1291 · Moodle · Moodle
Martin Greenaway
·
Publicado
2015-08-03
·
Atualizado
2022-05-13
·
CVE-2015-3275
CVSS v3.1
6.1
Média
| Vetor | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions prior to 2.6.11
Moodle versions 2.7.x before 2.7.9
Moodle versions 2.8.x before 2.8.7
Moodle versions 2.9.x before 2.9.1
Description
The SCORM module in Moodle contains multiple cross-site scripting (XSS) vulnerabilities due to the lack of protection of the web page structure. This allows a remote attacker to inject arbitrary web script or HTML via a crafted organization name to the "mod/scorm/player.php" or "mod/scorm/prereqs.php" API endpoints.
Recommendations
For versions prior to 2.6.11, update to version 2.6.11 or later.
For versions 2.7.x before 2.7.9, update to version 2.7.9 or later.
For versions 2.8.x before 2.8.7, update to version 2.8.7 or later.
For versions 2.9.x before 2.9.1, update to version 2.9.1 or later.
As a temporary workaround, consider restricting access to the "mod/scorm/player.php" and "mod/scorm/prereqs.php" API endpoints until a patch is available.
Correção
XSS
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Moodle