Lucene search
Ubuntu.comUB:CVE-2014-7835HistoryNov 24, 2014 - 12:00 a.m.
CVE-2014-7835
2014-11-2400:00:00
ubuntu.com
ubuntu.com
6
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
0.001
Percentile
46.4%
webservice/upload.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3
does not ensure that a file upload is for a private or draft area, which
allows remote authenticated users to upload files containing JavaScript,
and consequently conduct cross-site scripting (XSS) attacks, by specifying
the profile-picture area.
Related
nvd
nvd
CVE-2014-7835
2014-11-24 11:59:05
osv
osv
Moodle allows attackers to upload files containing JavaScript
2022-05-13 01:12:43
prion
prion
Cross site scripting
2014-11-24 11:59:00
cvelist
cvelist
CVE-2014-7835
2014-11-24 11:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-29 16:28:24
github
github
Moodle allows attackers to upload files containing JavaScript
2022-05-13 01:12:43
cve
cve
CVE-2014-7835
2014-11-24 11:59:05
nessus
nessus
Moodle 2.6.x < 2.6.6 / 2.7.x < 2.7.3 Multiple Vulnerabilities
2015-04-20 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0483)
2022-01-28 00:00:00
mageia
mageia
Updated moodle package fixes security vulnerabilities
2014-11-22 13:54:50
CVSS2
2.1
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:H/Au:S/C:N/I:P/A:N
EPSS
0.001
Percentile
46.4%
Related for UB:CVE-2014-7835