mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.
Title | Published | Views | Family |
---|---|---|---|
Cross-Site Scripting (XSS) | 27 Jul 2017 03:18 | – | veracode |
CVE-2015-3174 | 1 Jun 2015 19:59 | – | nvd |
CVE-2015-3174 | 1 Jun 2015 00:00 | – | ubuntucve |
Cross site scripting | 1 Jun 2015 19:59 | – | prion |
Moodle does not set the RISK_XSS bit for graders | 13 May 2022 01:12 | – | osv |
CVE-2015-3174 | 1 Jun 2015 19:00 | – | cvelist |
Moodle does not set the RISK_XSS bit for graders | 13 May 2022 01:12 | – | github |
Mageia: Security Advisory (MGASA-2015-0229) | 28 Jan 2022 00:00 | – | openvas |
Fedora Update for moodle FEDORA-2015-14996 | 16 Sep 2015 00:00 | – | openvas |
Fedora Update for moodle FEDORA-2015-14988 | 16 Sep 2015 00:00 | – | openvas |
Source | Link |
---|---|
git | www.git.moodle.org/gw |
openwall | www.openwall.com/lists/oss-security/2015/05/18/1 |
securityfocus | www.securityfocus.com/bid/74719 |
securitytracker | www.securitytracker.com/id/1032358 |
moodle | www.moodle.org/mod/forum/discuss.php |
Parameter | Position | Path | Description | CWE |
---|---|---|---|---|
gradebook feedback | request body | /mod/quiz/db/access.php | Cross-site scripting (XSS) vulnerability due to improper setting of RISK_XSS bit. | CWE-79 |