Moodle KSES HTML Filter Bypass - Exabytes Security Portal

Categories

Applications (244)
Blogs (7)
Content Management (158)
Customer Relationship (4)
Discussion Boards (35)
E-Commerce (15)
General Purpose Directories (2)
Image Galleries (21)
Mailing Lists (1)
Tips (3)
Vulnerabilities (357)
Access Bypass (53)
Cross Site Scripting (134)
Denial Of Service (2)
File Inclusion (53)
Information Disclosure (15)
Privilege Escalation (2)
Remote Command Execution (17)
Session Hijacking (2)
SQL Injection (137)

Moodle KSES HTML Filter Bypass

Published by TL Guan July 17th, 2008 in Access Bypass and Content Management.

Application: Moodle
Affected Version: prior to 1.8.5.
Vendor’s URL: Moodle KSES
Bug Type: Security Bypass
Risk Level: Medium

Solution:
Update to version 1.8.5 or upgrade to version 1.9.

The vendor recommends to use the option “Use HTML Purifier” in version 1.9.

Search

Subscribe

Entries RSS

Latest

Archives