Lucene search
RedhatCVE-2014-3549HistoryJul 29, 2014 - 11:10 a.m.
CVE-2014-3549
2014-07-2911:10:32
CWE-79
redhat
web.nvd.nist.gov
38
cve
2014
3549
cross-site scripting
xss
vulnerability
moodle
web script
html
username
logging
invalid login
nvd
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.002
Percentile
60.3%
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.
Affected configurations
Node
moodlemoodleMatch2.7.0
Related
nvd
nvd
CVE-2014-3549
2014-07-29 11:10:32
ubuntucve
ubuntucve
CVE-2014-3549
2014-07-29 00:00:00
prion
prion
Cross site scripting
2014-07-29 11:10:00
cvelist
cvelist
CVE-2014-3549
2014-07-29 10:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-18 08:03:53
nessus
nessus
Moodle 2.7.x < 2.7.1 XSS
2015-04-20 00:00:00
Fedora 20 : moodle-2.5.7-1.fc20 (2014-8601)
2014-07-31 00:00:00
Fedora 19 : moodle-2.4.11-1.fc19 (2014-8609)
2014-07-31 00:00:00
openvas
openvas
Fedora Update for moodle FEDORA-2014-10802
2014-10-01 00:00:00
Fedora Update for moodle FEDORA-2014-15102
2014-11-26 00:00:00
Fedora Update for moodle FEDORA-2014-8601
2014-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: moodle-2.5.9-1.fc20
2014-11-25 15:30:01
[SECURITY] Fedora 20 Update: moodle-2.5.7-1.fc20
2014-07-30 07:03:13
[SECURITY] Fedora 20 Update: moodle-2.5.8-1.fc20
2014-09-25 10:46:26
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.002
Percentile
60.3%
Related for CVE-2014-3549