GitHub Advisory DatabaseGHSA-M8F5-9WG8-2C3HMoodle multiple cross-site scripting (XSS) vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
41.9%
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
openwall.com/lists/oss-security/2014/07/21/1
github.com/advisories/GHSA-m8f5-9wg8-2c3h
github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
moodle.org/mod/forum/discuss.php?d=264273
nvd.nist.gov/vuln/detail/CVE-2014-3551
web.archive.org/web/20200228170658/www.securityfocus.com/bid/68763
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
41.9%