GitHub Advisory DatabaseGHSA-6656-6QWX-4C2MMoodle XSS In Tag Autocomplete functionality
6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.5%
Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 1.9.11 | |
| moodle/moodle | lt | 2.0.2 |
References
git.moodle.org/gw?p=moodle.git;a=commit;h=fd29b2ad1c20906da00d7e523f39bc8a0358a65b
moodle.org/mod/forum/discuss.php?d=170003
openwall.com/lists/oss-security/2011/11/14/1
github.com/advisories/GHSA-6656-6qwx-4c2m
github.com/moodle/moodle/commit/34b93e39a64a68e4a676b93ccf2bd87a1d3b5ef8
github.com/moodle/moodle/commit/fd29b2ad1c20906da00d7e523f39bc8a0358a65b
nvd.nist.gov/vuln/detail/CVE-2011-4278
Related
6 Medium
AI Score
Confidence
High
4.3 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
0.002 Low
EPSS
Percentile
56.5%