Lucene search
HistoryJul 29, 2014 - 11:10 a.m.
CVE-2014-3549
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.002
Percentile
60.3%
Cross-site scripting (XSS) vulnerability in the get_description function in lib/classes/event/user_login_failed.php in Moodle 2.7.x before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via a crafted username that is improperly handled during the logging of an invalid login attempt.
Affected configurations
Node
moodlemoodleMatch2.7.0
Related
ubuntucve
ubuntucve
CVE-2014-3549
2014-07-29 00:00:00
prion
prion
Cross site scripting
2014-07-29 11:10:00
cve
cve
CVE-2014-3549
2014-07-29 11:10:32
cvelist
cvelist
CVE-2014-3549
2014-07-29 10:00:00
veracode
veracode
Cross-site Scripting (XSS)
2017-07-18 08:03:53
nessus
nessus
Moodle 2.7.x < 2.7.1 XSS
2015-04-20 00:00:00
Fedora 20 : moodle-2.5.7-1.fc20 (2014-8601)
2014-07-31 00:00:00
Fedora 19 : moodle-2.4.11-1.fc19 (2014-8609)
2014-07-31 00:00:00
openvas
openvas
Fedora Update for moodle FEDORA-2014-15102
2014-11-26 00:00:00
Fedora Update for moodle FEDORA-2014-10802
2014-10-01 00:00:00
Fedora Update for moodle FEDORA-2014-8601
2014-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: moodle-2.5.9-1.fc20
2014-11-25 15:30:01
[SECURITY] Fedora 20 Update: moodle-2.5.8-1.fc20
2014-09-25 10:46:26
[SECURITY] Fedora 20 Update: moodle-2.5.7-1.fc20
2014-07-30 07:03:13
CVSS2
4.3
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
AI Score
5.4
Confidence
High
EPSS
0.002
Percentile
60.3%
Related for NVD:CVE-2014-3549