Lucene search

K

Ubuntu.comUB:CVE-2014-3544

HistoryJul 29, 2014 - 12:00 a.m.

CVE-2014-3544

2014-07-2900:00:00

ubuntu.com

ubuntu.com

14

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.004

Percentile

74.6%

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle
through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before
2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject
arbitrary web script or HTML via the Skype ID profile field.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683

seclists.org/oss-sec/2014/q3/194

launchpad.net/bugs/cve/CVE-2014-3544

nvd.nist.gov/vuln/detail/CVE-2014-3544

security-tracker.debian.org/tracker/CVE-2014-3544

www.cve.org/CVERecord?id=CVE-2014-3544

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

EPSS

0.004

Percentile

74.6%

Related for UB:CVE-2014-3544

packetstorm1 exploitdb1 cve1 veracode1 github1 nvd1 prion1 osv1 cvelist1 nessus3 openvas6 mageia1 fedora5