GitHub Advisory DatabaseGHSA-89F3-74M6-G27GMoodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
43.9%
Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
openwall.com/lists/oss-security/2013/03/25/2
github.com/advisories/GHSA-89f3-74m6-g27g
github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463
github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce
github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26
github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef
moodle.org/mod/forum/discuss.php?d=225344
nvd.nist.gov/vuln/detail/CVE-2013-1833
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
43.9%