Lucene search

K

Ubuntu.comUB:CVE-2014-3548

HistoryJul 29, 2014 - 12:00 a.m.

CVE-2014-3548

2014-07-2900:00:00

ubuntu.com

ubuntu.com

11

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

60.3%

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through
2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and
2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or
HTML via vectors that trigger an AJAX exception dialog.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471

launchpad.net/bugs/cve/CVE-2014-3548

marc.info/?l=oss-security&m=140595126521264&w=2

moodle.org/mod/forum/discuss.php?d=264270

nvd.nist.gov/vuln/detail/CVE-2014-3548

security-tracker.debian.org/tracker/CVE-2014-3548

www.cve.org/CVERecord?id=CVE-2014-3548

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS

0.002

Percentile

60.3%

Related for UB:CVE-2014-3548

prion1 osv1 cvelist1 veracode1 nvd1 github1 cve1 nessus4 openvas6 mageia1 fedora5