Lucene search

K

GoogleOSV:GHSA-C9JP-244J-VH78

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site scripting (XSS) vulnerability

2022-05-1301:12:40

Google

osv.dev

6

moodle

cross-site scripting

xss

vulnerability

user profile

remote authenticated users

skype id

html injection

AI Score

5.3

Confidence

High

EPSS

0.004

Percentile

74.6%

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683

openwall.com/lists/oss-security/2014/07/21/1

osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss

osvdb.org/show/osvdb/109337

packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html

www.exploit-db.com/exploits/34169

www.securityfocus.com/bid/68756

github.com/moodle/moodle

github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9

github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9

github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d

github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74

moodle.org/mod/forum/discuss.php?d=264265

nvd.nist.gov/vuln/detail/CVE-2014-3544

AI Score

5.3

Confidence

High

EPSS

0.004

Percentile

74.6%

Related for OSV:GHSA-C9JP-244J-VH78

packetstorm1 ubuntucve1 exploitdb1 cve1 prion1 veracode1 github1 nvd1 cvelist1 nessus3 openvas6 mageia1 fedora5