GitHub Advisory DatabaseGHSA-F66H-6MJ2-RWJ2Moodle multiple cross-site scripting (XSS) vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
60.3%
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
openwall.com/lists/oss-security/2014/07/21/1
github.com/advisories/GHSA-f66h-6mj2-rwj2
github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a
github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288
github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe
github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e
moodle.org/mod/forum/discuss.php?d=264270
nvd.nist.gov/vuln/detail/CVE-2014-3548
web.archive.org/web/20200228161543/www.securityfocus.com/bid/68766
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
60.3%