Lucene search

K

GoogleOSV:GHSA-9FMW-M4QX-6CQ8

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site scripting (XSS) vulnerability

2022-05-1301:12:46

Google

osv.dev

9

moodle

cross-site scripting

xss

vulnerability

external_format_text

web services

remote authenticated users

html

2.5.9

2.6.x

2.7.x

2.8.x

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

48.3%

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718

openwall.com/lists/oss-security/2015/05/18/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749

github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78

github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5

github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f

github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b

github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6

moodle.org/mod/forum/discuss.php?d=313685

nvd.nist.gov/vuln/detail/CVE-2015-3178

web.archive.org/web/20200228054910/www.securityfocus.com/bid/74726

web.archive.org/web/20201201000000*/www.securitytracker.com/id/1032358

AI Score

5.2

Confidence

High

EPSS

0.001

Percentile

48.3%

Related for OSV:GHSA-9FMW-M4QX-6CQ8

cvelist1 veracode1 ubuntucve1 cve1 github1 prion1 nvd1 nessus5 openvas3 mageia1 fedora3