CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.6%
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
github.com/advisories/GHSA-grvw-qq2j-r898
github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
moodle.org/mod/forum/discuss.php?d=323231
nvd.nist.gov/vuln/detail/CVE-2015-5336
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
AI Score
Confidence
High
EPSS
Percentile
28.6%