Lucene search

K

GoogleOSV:GHSA-89F3-74M6-G27G

HistoryMay 13, 2022 - 1:12 a.m.

Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module

2022-05-1301:12:59

Google

osv.dev

8

moodle

file picker

xss vulnerabilities

versions 2.x - 2.4.x

remote authenticated users

web script injection

html injection

EPSS

0.001

Percentile

43.9%

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507

lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

openwall.com/lists/oss-security/2013/03/25/2

github.com/moodle/moodle

github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463

github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce

github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26

github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef

moodle.org/mod/forum/discuss.php?d=225344

nvd.nist.gov/vuln/detail/CVE-2013-1833

EPSS

0.001

Percentile

43.9%

Related for OSV:GHSA-89F3-74M6-G27G

cvelist1 nvd1 ubuntucve1 github1 veracode1 prion1 cve1 nessus2 openvas4 fedora2