Two Vulnerabilities Detected in Academic Portal Moodle
According to researchers at IT consultancy company ProCheckUp, two severe security flaws have been identified in a widely used open-source online CMS (course management system) called Moodle.
Research conducted so far shows that the flaw in the CMS software exposes the application to XSS, or cross-site scripting, attacks. According to the researchers, a ProCheckUp-developed XSS exploit for a persistent bug injects malicious content into the open blogs segment of the Moodle website. This malware then captures the session IDs of users visiting the blogs segment of the site so that a malicious attacker can pretend to be any of the compromised users.
Thus, an attacker might exploit the flaw to capture any of the legitimate ...
» SPAMfighter News - 28-07-2008