Vulnerability Name:

CCN-86957

Published:2013-09-09
Updated:2013-09-09
Summary:Moodle is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input by the external_blog_edit.php script. By persuading an authenticated user to visit a malicious Web site, a remote attacker could send a malformed HTTP request to perform unauthorized actions. An attacker could exploit this vulnerability to perform cross-site scripting attacks, Web cache poisoning, and other malicious activities.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Consequences:Cross-Site Scripting
References:Source: CCN
Type: Moodle Web Site
Moodle

Source: XF
Type: UNKNOWN
moodle-externalblogedit-csrf(86957)

Source: CCN
Type: Packet Storm Security [09-09-2013]
Moodle 2.3.9 / 2.4.9 Javascript Insertion

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [09-09-2013]

Vulnerable Configuration:Configuration CCN 1:
  • cpe:/a:moodle:moodle:2.3.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.1:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.2:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.3:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.4:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.5:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.6:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.7:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.3.8:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.4.5:*:*:*:*:*:*:*
  • OR cpe:/a:moodle:moodle:2.5.1:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    moodle moodle 2.3
    moodle moodle 2.3.1
    moodle moodle 2.3.2
    moodle moodle 2.3.3
    moodle moodle 2.4
    moodle moodle 2.4.1
    moodle moodle 2.3.4
    moodle moodle 2.4.2
    moodle moodle 2.4.3
    moodle moodle 2.3.5
    moodle moodle 2.3.6
    moodle moodle 2.5
    moodle moodle 2.4.4
    moodle moodle 2.3.7
    moodle moodle 2.3.8
    moodle moodle 2.4.5
    moodle moodle 2.5.1