Lucene search
RedhatCVE-2015-0212HistoryJun 01, 2015 - 7:59 p.m.
CVE-2015-0212
2015-06-0119:59:01
CWE-79
redhat
web.nvd.nist.gov
34
moodle
xss
vulnerability
course
pending.php
remote authenticated users
web script
html
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
39.8%
Cross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.
Affected configurations
Node
moodlemoodleRange≤2.5.9
ORmoodlemoodleMatch2.5.0
ORmoodlemoodleMatch2.5.1
ORmoodlemoodleMatch2.5.2
ORmoodlemoodleMatch2.5.3
ORmoodlemoodleMatch2.5.4
ORmoodlemoodleMatch2.5.5
ORmoodlemoodleMatch2.5.6
ORmoodlemoodleMatch2.5.7
ORmoodlemoodleMatch2.5.8
ORmoodlemoodleMatch2.6.0
ORmoodlemoodleMatch2.6.1
ORmoodlemoodleMatch2.6.2
ORmoodlemoodleMatch2.6.3
ORmoodlemoodleMatch2.6.4
ORmoodlemoodleMatch2.6.5
ORmoodlemoodleMatch2.6.6
ORmoodlemoodleMatch2.7.0
ORmoodlemoodleMatch2.7.1
ORmoodlemoodleMatch2.7.2
ORmoodlemoodleMatch2.7.3
ORmoodlemoodleMatch2.8.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| moodle | moodle | * | cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.0 | cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.1 | cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.2 | cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.3 | cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.4 | cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.5 | cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.6 | cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.7 | cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:* |
| moodle | moodle | 2.5.8 | cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2015-0212
2015-06-01 19:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-27 21:55:47
osv
osv
Moodle cross-site scripting (XSS) vulnerability
2022-05-13 01:12:43
prion
prion
Cross site scripting
2015-06-01 19:59:00
nvd
nvd
CVE-2015-0212
2015-06-01 19:59:01
github
github
Moodle cross-site scripting (XSS) vulnerability
2022-05-13 01:12:43
ubuntucve
ubuntucve
CVE-2015-0212
2015-06-01 00:00:00
nessus
nessus
Moodle < 2.6 / 2.6.x < 2.6.7 / 2.7.x < 2.7.4 / 2.8.x < 2.8.2 Multiple Vulnerabilities
2015-04-21 00:00:00
Fedora 21 : moodle-2.7.5-1.fc21 (2015-1751)
2015-02-16 00:00:00
mageia
mageia
Updated moodle package fixes security vulnerabilities
2015-01-20 17:57:33
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0032)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2015-1751
2015-02-15 00:00:00
fedora
fedora
[SECURITY] Fedora 21 Update: moodle-2.7.5-1.fc21
2015-02-15 03:24:22
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
5.1
Confidence
High
EPSS
0.001
Percentile
39.8%
Related for CVE-2015-0212