GitHub Advisory DatabaseGHSA-J6C3-3C4W-QV8PMoodle cross-site scripting (XSS) vulnerabilities
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.6%
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| typo3/cms | lt | 7.3.1 | |
| typo3/cms | lt | 6.2.14 | |
| moodle/moodle | lt | 2.6.2 | |
| moodle/moodle | lt | 2.5.5 | |
| moodle/moodle | lt | 2.4.9 |
References
flash.flowplayer.org/documentation/version-history.html
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43344
openwall.com/lists/oss-security/2014/03/17/1
github.com/advisories/GHSA-j6c3-3c4w-qv8p
github.com/flowplayer/flash/issues/121
github.com/FriendsOfPHP/security-advisories/blob/master/typo3/cms/CVE-2013-7341.yaml
github.com/moodle/moodle/commit/98d135fea3006334093efa822205d4b2c3fd8ff9
github.com/moodle/moodle/commit/9f2967e301d123d11625f3b6948e1ee538086791
github.com/moodle/moodle/commit/c3cd5e1db9de4f1a634492d99990534e30518066
github.com/moodle/moodle/commit/d65634044ebaa738f55bdec521beb42844d6916a
moodle.org/mod/forum/discuss.php?d=256420
nvd.nist.gov/vuln/detail/CVE-2013-7341
typo3.org/security/advisory/typo3-core-sa-2015-007
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6 Medium
AI Score
Confidence
High
0.003 Low
EPSS
Percentile
65.6%