Coursemill Learning Management System version 6.6 and 6.8 contains multiple vulnerabilities.
CWE-472: External Control of Assumed-Immutable Web Parameter - CVE-2013-3599
In Coursemill 6.6, when loading the home page (/coursemill/cm0660/home.html) the response to the userlogin.jsp request returns the user role as a parameter (passed to the client for processing). In Coursemill 6.8, this has been partially remediated. Privilege escalation is still possible without authentication.
An attacker can conduct a cross-site scripting, cross-site request forgery, or privilege escalation attack, which may result in information leakage or privilege escalation.
Apply an Update
Thanks to Mike Czumak for reporting this vulnerability.
This document was written by Chris King.