CVE-2013-2244

2013-07-2913:59:20

CWE-79

redhat

web.nvd.nist.gov

xss

vulnerability

moodle

2.4.x

2.5.x

remote attackers

web script

html

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

5.5

Confidence

High

EPSS

0.001

Percentile

49.0%

JSON

Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a user field.

Affected configurations

Nvd

Node

moodlemoodleMatch2.4.0

moodlemoodleMatch2.4.1

moodlemoodleMatch2.4.2

moodlemoodleMatch2.4.3

moodlemoodleMatch2.4.4

moodlemoodleMatch2.5.0

VendorProductVersionCPE
moodlemoodle2.4.0cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
moodlemoodle2.4.1cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
moodlemoodle2.4.2cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
moodlemoodle2.4.3cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
moodlemoodle2.4.4cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
moodlemoodle2.5.0cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	2.4.0	cpe:2.3:a:moodle:moodle:2.4.0:::::::*
moodle	moodle	2.4.1	cpe:2.3:a:moodle:moodle:2.4.1:::::::*
moodle	moodle	2.4.2	cpe:2.3:a:moodle:moodle:2.4.2:::::::*
moodle	moodle	2.4.3	cpe:2.3:a:moodle:moodle:2.4.3:::::::*
moodle	moodle	2.4.4	cpe:2.3:a:moodle:moodle:2.4.4:::::::*
moodle	moodle	2.5.0	cpe:2.3:a:moodle:moodle:2.5.0:::::::*