Lucene search

K

GoogleOSV:GHSA-F66H-6MJ2-RWJ2

HistoryMay 13, 2022 - 1:12 a.m.

Moodle multiple cross-site scripting (XSS) vulnerabilities

2022-05-1301:12:41

Google

osv.dev

9

moodle

cross-site scripting

xss

vulnerabilities

remote attackers

web script

html

ajax exception

software

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.3%

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471

openwall.com/lists/oss-security/2014/07/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a

github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288

github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe

github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e

moodle.org/mod/forum/discuss.php?d=264270

nvd.nist.gov/vuln/detail/CVE-2014-3548

web.archive.org/web/20200228161543/www.securityfocus.com/bid/68766

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

60.3%

Related for OSV:GHSA-F66H-6MJ2-RWJ2

prion1 ubuntucve1 cvelist1 veracode1 nvd1 github1 cve1 nessus4 openvas6 mageia1 fedora5