Lucene search

K

GoogleOSV:GHSA-F7QM-Q26P-6RR2

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site scripting (XSS) vulnerability

2022-05-1301:12:47

Google

osv.dev

16

moodle

cross-site scripting

user details

remote attackers

web service

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

59.1%

Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130

openwall.com/lists/oss-security/2015/07/13/2

github.com/moodle/moodle

github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8

github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36

github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b

github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7

moodle.org/mod/forum/discuss.php?d=316664

nvd.nist.gov/vuln/detail/CVE-2015-3274

web.archive.org/web/20150924032214/www.securitytracker.com/id/1032877

AI Score

5.7

Confidence

High

EPSS

0.002

Percentile

59.1%

Related for OSV:GHSA-F7QM-Q26P-6RR2

prion1 veracode1 github1 nvd1 cvelist1 ubuntucve1 cve1 mageia1 openvas3 freebsd1 nessus5