CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
59.1%
Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705
www.openwall.com/lists/oss-security/2016/03/21/1
github.com/advisories/GHSA-6mxm-wpqv-675h
github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657
github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055
github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1
github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897
github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349
github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c
github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b
github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20
github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d
moodle.org/mod/forum/discuss.php?d=330174
nvd.nist.gov/vuln/detail/CVE-2016-2152
web.archive.org/web/20160424224349/www.securitytracker.com/id/1035333
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
59.1%