Bug 353431

Summary: <=www-apps/moodle-2.0.1: XSS
Product: Gentoo Security
Reporter: Paweł Hajdan, Jr. (RETIRED) <phajdan.jr>
Component: Vulnerabilities
Assignee: Gentoo Security <security>
Status: RESOLVED FIXED
Severity: trivial
CC: blueness, jah, web-apps
Priority: High
Version: unspecified
Hardware: All
OS: Linux
URL: http://secunia.com/advisories/43133/
Whiteboard: ~4 [noglsa]
Package list:
Runtime testing required: ---

Description Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2011-02-01 19:40:20 UTC
AutoSec Tools has discovered a vulnerability in Moodle, which can be exploited by malicious people to conduct cross-site scripting attacks.

Input passed via the "PHPCOVERAGE_HOME" parameter to lib/spikephpcoverage/src/phpcoverage.remote.top.inc.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

The vulnerability is confirmed in version 2.0.1. Other versions may also be affected.
Comment 1 Anthony Basile gentoo-dev 2011-02-08 15:27:28 UTC
This is upstream's (private) ticket MDL-26237. The following commit addresses the issue:

http://git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e

Effectively phpcoverage.remote.bottom.inc.php and phpcoverage.remote.top.inc.php are just turned off with an initial die().
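As an added illustration (not Moodle's code and not the commit linked above), the constructed PHP below shows the pattern the report describes, a request parameter reflected unescaped into HTML, next to a hardened form that both escapes the value and gates the debugging endpoint, standing in for upstream's initial die(); the constant PHPCOVERAGE_REMOTE_ENABLED, the function names and the sample value are assumptions.

```php
<?php
// Added example, not Moodle's code: a constructed stand-in for a remote
// code-coverage include that echoes a request parameter into the page.

// Vulnerable pattern (constructed): the parameter is written back verbatim,
// so any markup in the request becomes markup in the response (reflected XSS).
function render_unsafe(array $query): string
{
    $home = $query['PHPCOVERAGE_HOME'] ?? '';
    return '<p>PHPCOVERAGE_HOME is set to: ' . $home . '</p>';
}

// Hypothetical switch: a development-only endpoint should be off by default.
const PHPCOVERAGE_REMOTE_ENABLED = false;

// Gate the endpoint. Upstream went further and put die() at the top of the
// files, so the remote coverage pages are never served at all.
function remote_coverage_allowed(): bool
{
    return PHPCOVERAGE_REMOTE_ENABLED;
}

// Hardened pattern: HTML-escape the value, quotes included, for the page's
// charset before it is placed in the document body.
function render_safe(array $query): string
{
    $home = $query['PHPCOVERAGE_HOME'] ?? '';
    $escaped = htmlspecialchars($home, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<p>PHPCOVERAGE_HOME is set to: ' . $escaped . '</p>';
}

// Constructed request value that carries markup characters.
$sample = ['PHPCOVERAGE_HOME' => '/tmp/x"><i>y</i>'];

if (!remote_coverage_allowed()) {
    // What a request to the gated endpoint gets in the hardened version.
    echo "remote coverage endpoint disabled\n";
}
// Side by side: the raw reflection keeps the tags; the escaped one does not.
echo render_unsafe($sample), "\n";
echo render_safe($sample), "\n";
```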
Comment 2 Anthony Basile gentoo-dev 2011-03-10 15:06:44 UTC
The security issue has been resolved. moodle-2.0.2.ebuild has been in the tree since Feb 22, and I just removed the vulnerable version.

This bug should be good for a GLSA.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2011-03-10 16:30:48 UTC
(In reply to comment #2)
> The security issue has been resolved.  moodle-2.0.2.ebuild  has been in the
> tree since Feb 22, and I just removed the vulnerable version.
> 

Thanks

> This bug should be good for a GLSA.

The package was never stable, so no advisory is issued. Closing noglsa.