Lucene search

K

GoogleOSV:GHSA-J4MR-VC54-H5PC

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site scripting (XSS) vulnerability

2022-05-1301:12:41

Google

osv.dev

3

moodle

cross-site scripting

xss

vulnerability

feedback module

remote authenticated users

arbitrary web script

html

capability

searchcourse parameter

software

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.3%

Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865

openwall.com/lists/oss-security/2014/11/17/11

www.securitytracker.com/id/1031215

github.com/moodle/moodle

github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8

github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e

github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183

github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c

moodle.org/mod/forum/discuss.php?d=275147

nvd.nist.gov/vuln/detail/CVE-2014-7830

web.archive.org/web/20200228175348/www.securityfocus.com/bid/71119

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.3%

Related for OSV:GHSA-J4MR-VC54-H5PC

nvd1 cvelist1 github1 ubuntucve1 prion1 veracode1 cve1 nessus1 openvas1 mageia1