Lucene search

K

GoogleOSV:GHSA-6MXM-WPQV-675H

HistoryMay 13, 2022 - 1:12 a.m.

Moodle XSS from profile fields from external db

2022-05-1301:12:38

Google

osv.dev

5

moodle

xss

profile fields

external db

vulnerabilities

remote attackers

web script

html

software

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

59.1%

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705

www.openwall.com/lists/oss-security/2016/03/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657

github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055

github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1

github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897

github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349

github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c

github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b

github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20

github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d

moodle.org/mod/forum/discuss.php?d=330174

nvd.nist.gov/vuln/detail/CVE-2016-2152

web.archive.org/web/20160424224349/www.securitytracker.com/id/1035333

AI Score

5.8

Confidence

High

EPSS

0.002

Percentile

59.1%

Related for OSV:GHSA-6MXM-WPQV-675H

veracode1 cvelist1 prion1 ubuntucve1 nvd1 cve1 github1 fedora3 nessus5 openvas3 mageia1 freebsd1