GitHub Advisory DatabaseGHSA-J4MR-VC54-H5PCMoodle cross-site scripting (XSS) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
48.3%
Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
openwall.com/lists/oss-security/2014/11/17/11
www.securitytracker.com/id/1031215
github.com/advisories/GHSA-j4mr-vc54-h5pc
github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8
github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e
github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183
github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c
moodle.org/mod/forum/discuss.php?d=275147
nvd.nist.gov/vuln/detail/CVE-2014-7830
web.archive.org/web/20200228175348/www.securityfocus.com/bid/71119
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
48.3%