Lucene search

RedhatCVE-2014-3544

HistoryJul 29, 2014 - 11:10 a.m.

CVE-2014-3544

2014-07-2911:10:32

CWE-79

redhat

web.nvd.nist.gov

moodle

user/profile.php

xss

vulnerability

nvd

cve-2014-3544

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

AI Score

5.1

Confidence

High

EPSS

0.004

Percentile

74.6%

JSON

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

Affected configurations

Nvd

Node

moodlemoodleMatch2.4.0

moodlemoodleMatch2.4.1

moodlemoodleMatch2.4.2

moodlemoodleMatch2.4.3

moodlemoodleMatch2.4.4

moodlemoodleMatch2.4.5

moodlemoodleMatch2.4.6

moodlemoodleMatch2.4.7

moodlemoodleMatch2.4.8

moodlemoodleMatch2.4.9

moodlemoodleMatch2.4.10

Node

moodlemoodleRange≤2.3.11

moodlemoodleMatch2.3.0

moodlemoodleMatch2.3.1

moodlemoodleMatch2.3.2

moodlemoodleMatch2.3.3

moodlemoodleMatch2.3.4

moodlemoodleMatch2.3.5

moodlemoodleMatch2.3.6

moodlemoodleMatch2.3.7

moodlemoodleMatch2.3.8

moodlemoodleMatch2.3.9

moodlemoodleMatch2.3.10

Node

moodlemoodleMatch2.6.0

moodlemoodleMatch2.6.1

moodlemoodleMatch2.6.2

moodlemoodleMatch2.6.3

Node

moodlemoodleMatch2.7.0

Node

moodlemoodleMatch2.5.0

moodlemoodleMatch2.5.1

moodlemoodleMatch2.5.2

moodlemoodleMatch2.5.3

moodlemoodleMatch2.5.4

moodlemoodleMatch2.5.5

moodlemoodleMatch2.5.6

VendorProductVersionCPE
moodlemoodle2.4.0cpe:2.3:a:moodle:moodle:2.4.0:*:*:*:*:*:*:*
moodlemoodle2.4.1cpe:2.3:a:moodle:moodle:2.4.1:*:*:*:*:*:*:*
moodlemoodle2.4.2cpe:2.3:a:moodle:moodle:2.4.2:*:*:*:*:*:*:*
moodlemoodle2.4.3cpe:2.3:a:moodle:moodle:2.4.3:*:*:*:*:*:*:*
moodlemoodle2.4.4cpe:2.3:a:moodle:moodle:2.4.4:*:*:*:*:*:*:*
moodlemoodle2.4.5cpe:2.3:a:moodle:moodle:2.4.5:*:*:*:*:*:*:*
moodlemoodle2.4.6cpe:2.3:a:moodle:moodle:2.4.6:*:*:*:*:*:*:*
moodlemoodle2.4.7cpe:2.3:a:moodle:moodle:2.4.7:*:*:*:*:*:*:*
moodlemoodle2.4.8cpe:2.3:a:moodle:moodle:2.4.8:*:*:*:*:*:*:*
moodlemoodle2.4.9cpe:2.3:a:moodle:moodle:2.4.9:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	2.4.0	cpe:2.3:a:moodle:moodle:2.4.0:::::::*
moodle	moodle	2.4.1	cpe:2.3:a:moodle:moodle:2.4.1:::::::*
moodle	moodle	2.4.2	cpe:2.3:a:moodle:moodle:2.4.2:::::::*
moodle	moodle	2.4.3	cpe:2.3:a:moodle:moodle:2.4.3:::::::*
moodle	moodle	2.4.4	cpe:2.3:a:moodle:moodle:2.4.4:::::::*
moodle	moodle	2.4.5	cpe:2.3:a:moodle:moodle:2.4.5:::::::*
moodle	moodle	2.4.6	cpe:2.3:a:moodle:moodle:2.4.6:::::::*
moodle	moodle	2.4.7	cpe:2.3:a:moodle:moodle:2.4.7:::::::*
moodle	moodle	2.4.8	cpe:2.3:a:moodle:moodle:2.4.8:::::::*
moodle	moodle	2.4.9	cpe:2.3:a:moodle:moodle:2.4.9:::::::*