Lucene search

[email protected]NVD:CVE-2016-0725

HistoryFeb 22, 2016 - 5:59 a.m.

CVE-2016-0725

2016-02-2205:59:22

CWE-79

[email protected]

web.nvd.nist.gov

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

EPSS

0.002

Percentile

59.5%

JSON

Cross-site scripting (XSS) vulnerability in the search_pagination function in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10, 2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via a crafted search string.

Affected configurations

Nvd

Node

fedoraprojectfedoraMatch22

fedoraprojectfedoraMatch23

Node

moodlemoodleMatch2.8.0

moodlemoodleMatch2.8.1

moodlemoodleMatch2.8.2

moodlemoodleMatch2.8.3

moodlemoodleMatch2.8.4

moodlemoodleMatch2.8.5

moodlemoodleMatch2.8.6

moodlemoodleMatch2.8.7

moodlemoodleMatch2.8.8

moodlemoodleMatch2.8.9

moodlemoodleMatch2.9.0

moodlemoodleMatch2.9.1

moodlemoodleMatch2.9.2

moodlemoodleMatch2.9.3

moodlemoodleMatch3.0.0

moodlemoodleMatch3.0.1

VendorProductVersionCPE
fedoraprojectfedora22cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
fedoraprojectfedora23cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
moodlemoodle2.8.0cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*
moodlemoodle2.8.1cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*
moodlemoodle2.8.2cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*
moodlemoodle2.8.3cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*
moodlemoodle2.8.4cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*
moodlemoodle2.8.5cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*
moodlemoodle2.8.6cpe:2.3:a:moodle:moodle:2.8.6:*:*:*:*:*:*:*
moodlemoodle2.8.7cpe:2.3:a:moodle:moodle:2.8.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
fedoraproject	fedora	22	cpe:2.3:o:fedoraproject:fedora:22:::::::*
fedoraproject	fedora	23	cpe:2.3:o:fedoraproject:fedora:23:::::::*
moodle	moodle	2.8.0	cpe:2.3:a:moodle:moodle:2.8.0:::::::*
moodle	moodle	2.8.1	cpe:2.3:a:moodle:moodle:2.8.1:::::::*
moodle	moodle	2.8.2	cpe:2.3:a:moodle:moodle:2.8.2:::::::*
moodle	moodle	2.8.3	cpe:2.3:a:moodle:moodle:2.8.3:::::::*
moodle	moodle	2.8.4	cpe:2.3:a:moodle:moodle:2.8.4:::::::*
moodle	moodle	2.8.5	cpe:2.3:a:moodle:moodle:2.8.5:::::::*
moodle	moodle	2.8.6	cpe:2.3:a:moodle:moodle:2.8.6:::::::*
moodle	moodle	2.8.7	cpe:2.3:a:moodle:moodle:2.8.7:::::::*