CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
Percentile
39.8%
The remote web server hosts Moodle, an open-source course management system. Versions of Moodle 2.8.x prior to 2.8.2 contain a flaw that allows a stored cross-site scripting (XSS) attack. This flaw exists because the ‘mod/lesson/db/access.php’ script does not validate input to essay feedback when grading lessons before returning it to users. This may allow a remote attacker to create a specially crafted request that would execute arbitrary script code in a user’s browser session within the trust relationship between their browser and the server. (MSA-15-0006 / CVE-2015-0216)
Binary data 8724.prm