GitHub Advisory DatabaseGHSA-W77V-XPXR-C6PVMoodle cross-site scripting (XSS) vulnerability
5.3 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
38.9%
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
| CPE | Name | Operator | Version |
|---|---|---|---|
| moodle/moodle | lt | 2.8.4 | |
| moodle/moodle | lt | 2.7.6 | |
| moodle/moodle | lt | 2.6.9 |
References
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
openwall.com/lists/oss-security/2015/03/16/1
github.com/advisories/GHSA-w77v-xpxr-c6pv
github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e
github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7
github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f
github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b
moodle.org/mod/forum/discuss.php?d=307387
nvd.nist.gov/vuln/detail/CVE-2015-2273
Related
5.3 Medium
AI Score
Confidence
High
3.5 Low
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
0.001 Low
EPSS
Percentile
38.9%