Lucene search

K

GoogleOSV:GHSA-5729-822W-J342

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site scripting (XSS) vulnerability

2022-05-1301:12:47

Google

osv.dev

6

moodle

xss

vulnerability

group/overview.php

remote authenticated users

web script

html

grouping description

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

45.1%

Cross-site scripting (XSS) vulnerability in group/overview.php in Moodle through 2.6.11, 2.7.x before 2.7.10, 2.8.x before 2.8.8, and 2.9.x before 2.9.2 allows remote authenticated users to inject arbitrary web script or HTML via a modified grouping description.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50709

www.openwall.com/lists/oss-security/2015/09/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/45f3b5302d645ba13ca8b68b0106a638ebd21980

github.com/moodle/moodle/commit/a44fed5c804b52e82c334c37dcc1c12b77f97af8

github.com/moodle/moodle/commit/ae6b18a9343083c1ab62d6eb535a7112bd7a3a50

github.com/moodle/moodle/commit/fa5a3cdedcd92bd96881fa89a6ff5efd80bd3512

moodle.org/mod/forum/discuss.php?d=320293

nvd.nist.gov/vuln/detail/CVE-2015-5269

web.archive.org/web/20160323063809/www.securitytracker.com/id/1033619

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

45.1%

Related for OSV:GHSA-5729-822W-J342

cve1 github1 ubuntucve1 cvelist1 veracode1 prion1 nvd1 openvas2 mageia1 nessus4 freebsd1 fedora2