TUCoPS :: Web :: CMS / Portals :: tb11499.htm

Moodle XSS / Liesbeth base CMS sensitive information disclosure
Moodle XSS / Liesbeth base CMS sensitive information disclosure
Moodle XSS / Liesbeth base CMS sensitive information disclosure



Dear bugtraq@securityfocus.com, 

1.
  MustLive  (mustlive  at  websecurity.com  dot  ua)  reported  crossite
  scripting  vulnerability  in  Moodle  1.7.1  via  search  parameter of
  index.php, example:

http://host/user/index.php?contextid=4&roleid=0&id=2&group=&perpage &search=%22style=xss:expression(alert(document.cookie))%20 

Detailed information (in Ukranian) http://websecurity.com.ua/1045/ 
Original message (in Russian) http://securityvulns.ru/Rdocument391.html 

2.
  Durito  [damagelab]  (durito at mail dot ru) reported information leak
in Liesbeth base CMS (Vendor: www.doubleflex.com), example: 
  
http://host/config.inc 

  file  accessible through Web contains sensitive information, including
  database account.

Original message (in Russian) http://securityvulns.ru/Rdocument392.html 

-- 
http://securityvulns.com/ 
         /\_/\
        { , . }     |\
+--oQQo->{ ^ }<-----+ \
|  ZARAZA  U  3APA3A   } You know my name - look up my number (The Beatles)
+-------------o66o--+ /
                    |/


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH