GitHub Advisory DatabaseGHSA-6656-6QWX-4C2MMoodle XSS In Tag Autocomplete functionality
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
56.9%
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Affected configurations
References
git.moodle.org/gw?p=moodle.git;a=commit;h=fd29b2ad1c20906da00d7e523f39bc8a0358a65b
moodle.org/mod/forum/discuss.php?d=170003
openwall.com/lists/oss-security/2011/11/14/1
github.com/advisories/GHSA-6656-6qwx-4c2m
github.com/moodle/moodle/commit/34b93e39a64a68e4a676b93ccf2bd87a1d3b5ef8
github.com/moodle/moodle/commit/fd29b2ad1c20906da00d7e523f39bc8a0358a65b
nvd.nist.gov/vuln/detail/CVE-2011-4278
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
56.9%