GitHub Advisory DatabaseGHSA-F7QM-Q26P-6RR2Moodle cross-site scripting (XSS) vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
59.1%
Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.
Affected configurations
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
openwall.com/lists/oss-security/2015/07/13/2
github.com/advisories/GHSA-f7qm-q26p-6rr2
github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8
github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36
github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b
github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7
moodle.org/mod/forum/discuss.php?d=316664
nvd.nist.gov/vuln/detail/CVE-2015-3274
web.archive.org/web/20150924032214/www.securitytracker.com/id/1032877
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
59.1%