GitHub Advisory DatabaseGHSA-9FMW-M4QX-6CQ8Moodle cross-site scripting (XSS) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
48.3%
Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
openwall.com/lists/oss-security/2015/05/18/1
github.com/advisories/GHSA-9fmw-m4qx-6cq8
github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
moodle.org/mod/forum/discuss.php?d=313685
nvd.nist.gov/vuln/detail/CVE-2015-3178
web.archive.org/web/20200228054910/www.securityfocus.com/bid/74726
web.archive.org/web/20201201000000*/www.securitytracker.com/id/1032358
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
AI Score
Confidence
High
EPSS
Percentile
48.3%