Moodle LMS Jmol Plugin Reflected Cross-Site Scripting Vulnerability

A reflected cross-site scripting vulnerability has been identified in the Jmol filter plugin for Moodle Learning Management System, specifically in versions through 6.1. The vulnerability arises in the jsmol.php file, where the application fails to adequately sanitize user input before incorporating it into the HTTP response. This oversight enables attackers to execute arbitrary JavaScript in the context of the victim's browser by creating a malicious link. Such exploitation could lead to session hijacking or manipulation of page content.

Impact

Exploitation of this vulnerability allows for reflected cross-site scripting, where an attacker can execute JavaScript in the context of the victim's browser.

Reproduction

To reproduce this vulnerability, access the jsmol.php file within the Jmol plugin directory and use the 'call' parameter to invoke the 'saveFile' function. Include the 'data' parameter with a crafted script tag, such as a JavaScript alert, and set the 'mimetype' parameter to 'text/html'. This will trigger the cross-site scripting vulnerability by executing the embedded JavaScript in the victim's browser.

Remediation

Uninstall the Jmol plugin from the Moodle Site Administration interface. Ensure that the uninstallation removes the plugin directory from the web server's file system, as disabling the plugin does not stop the vulnerable PHP scripts from being accessed.