Lucene search

GitHub Advisory DatabaseGHSA-MX5G-3VXH-RGM8

HistoryMay 13, 2022 - 1:13 a.m.

Moodle vulnerable to XSS via bundled spikephpcoverage library

2022-05-1301:13:17

CWE-79

GitHub Advisory Database

github.com

moodle

xss

spikephpcoverage

vulnerability

remote attackers

web script

html

unspecified vectors

software

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

55.4%

JSON

Cross-site scripting (XSS) vulnerability in the Spike PHPCoverage (aka spikephpcoverage) library, as used in Moodle 2.0.x before 2.0.2 and other products, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Vulners

Node

moodlemoodleRange<2.0.2

VendorProductVersionCPE
moodlemoodle*cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
moodle	moodle	*	cpe:2.3:a:moodle:moodle::::::::

References

git.moodle.org/gw?p=moodle.git;a=commit;h=bd654f0ced8af925c27b7c94321f0c299b50b38e

moodle.org/mod/forum/discuss.php?d=170005

openwall.com/lists/oss-security/2011/11/14/1

github.com/advisories/GHSA-mx5g-3vxh-rgm8

github.com/moodle/moodle/commit/bd654f0ced8af925c27b7c94321f0c299b50b38e

nvd.nist.gov/vuln/detail/CVE-2011-4280

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

Confidence

High

EPSS

0.002

Percentile

55.4%

JSON

Related for GHSA-MX5G-3VXH-RGM8