Lucene search

K
githubGitHub Advisory DatabaseGHSA-6656-6QWX-4C2M
HistoryMay 13, 2022 - 1:13 a.m.

Moodle XSS In Tag Autocomplete functionality

2022-05-1301:13:09
CWE-79
GitHub Advisory Database
github.com
9
moodle
xss
tag autocomplete
vulnerability
software
html
remote attackers

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

56.9%

Cross-site scripting (XSS) vulnerability in the tag autocomplete functionality in Moodle 1.9.x before 1.9.11 and 2.0.x before 2.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Affected configurations

Vulners
Node
moodlemoodleRange<1.9.11
OR
moodlemoodleRange<2.0.2
CPENameOperatorVersion
moodle/moodlelt1.9.11
moodle/moodlelt2.0.2

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

56.9%