Bug 353431 - <=www-apps/moodle-2.0.1: XSS
Summary: <=www-apps/moodle-2.0.1: XSS
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://secunia.com/advisories/43133/
Whiteboard: ~4 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2011-02-01 19:40 UTC by Paweł Hajdan, Jr. (RETIRED)
Modified: 2011-03-10 16:30 UTC

See Also:
Package list:
Runtime testing required: ---


Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-01 19:40:20 UTC
AutoSec Tools has discovered a vulnerability in Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "PHPCOVERAGE_HOME" parameter to lib/spikephpcoverage/src/phpcoverage.remote.top.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.0.1. Other versions may also be affected.
Comment 1 Anthony Basile gentoo-dev 2011-02-08 15:27:28 UTC
This is upstream's (private) ticket MDL-26237.  The following commit addresses the issue:

http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e

Effectively phpcoverage.remote.bottom.inc.php and phpcoverage.remote.top.inc.php are just turned off with an initial die().
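
The following is an added example, not part of this bug thread or of Moodle's code: one way to confirm on an installed tree that the two coverage scripts named in comment 1 are neutralised. It assumes both files sit under lib/spikephpcoverage/src/ (the report gives that path only for the top file) and that "turned off" means the first PHP statement is a die/exit call; the function names are hypothetical.

```python
import re
import tempfile
from pathlib import Path

# Directory taken from the advisory text; file names from comment 1.
# Assumption: the "bottom" file lives in the same directory as the "top" one.
COVERAGE_DIR = "lib/spikephpcoverage/src"
COVERAGE_FILES = ("phpcoverage.remote.top.inc.php", "phpcoverage.remote.bottom.inc.php")

_OPEN = re.compile(r"<\?php\b|<\?(?!=)", re.I)
# Whitespace and PHP comments (/* */, //, #) that may precede the first statement.
_SKIP = re.compile(r"(?:\s+|/\*.*?\*/|//[^\n]*|#[^\n]*)*", re.S)
# Assumption: a neutralised file starts with a die/exit call or bare statement.
_KILL = re.compile(r"(?:die|exit)\b\s*(?:\(|;)", re.I)

def first_statement_is_die(source: str) -> bool:
    """True if only whitespace/comments precede die()/exit after the open tag."""
    # Anything other than a BOM or whitespace before the open tag is inline output.
    text = source.lstrip("\ufeff \t\r\n")
    tag = _OPEN.match(text)
    if not tag:
        return False
    pos = _SKIP.match(text, tag.end()).end()
    return _KILL.match(text, pos) is not None

def audit_moodle_tree(root) -> dict:
    """Map each coverage file to 'absent', 'disabled' or 'EXPOSED'."""
    result = {}
    for name in COVERAGE_FILES:
        path = Path(root) / COVERAGE_DIR / name
        if not path.is_file():
            result[name] = "absent"
        elif first_statement_is_die(path.read_text(encoding="utf-8", errors="replace")):
            result[name] = "disabled"
        else:
            result[name] = "EXPOSED"
    return result

if __name__ == "__main__":
    # Constructed sample tree: one file neutralised, one left as a live script.
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / COVERAGE_DIR
        src.mkdir(parents=True)
        (src / COVERAGE_FILES[0]).write_text("<?php\n// disabled\ndie();\necho 'unreachable';\n")
        (src / COVERAGE_FILES[1]).write_text("<?php\necho 'placeholder body';\n")
        for name, state in audit_moodle_tree(tmp).items():
            print(f"{state:9} {name}")
```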
Comment 2 Anthony Basile gentoo-dev 2011-03-10 15:06:44 UTC
The security issue has been resolved.  moodle-2.0.2.ebuild  has been in the tree since Feb 22, and I just removed the vulnerable version.

This bug should be good for a GLSA.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-03-10 16:30:48 UTC
(In reply to comment #2)
> The security issue has been resolved.  moodle-2.0.2.ebuild  has been in the
> tree since Feb 22, and I just removed the vulnerable version.
> 

Thanks

> This bug should be good for a GLSA.

The package was never stable, so no advisory is issued. Closing noglsa.