Lucene search

K

GoogleOSV:GHSA-M8F5-9WG8-2C3H

HistoryMay 13, 2022 - 1:12 a.m.

Moodle multiple cross-site scripting (XSS) vulnerabilities

2022-05-1301:12:41

Google

osv.dev

3

5.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.0%

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.

CPENameOperatorVersion
moodle/moodleeq2.5.1
moodle/moodleeq2.4.0
moodle/moodleeq2.4.3
moodle/moodleeq2.3.11
moodle/moodleeq2.5.2
moodle/moodleeq2.4.2
moodle/moodleeq2.3.5
moodle/moodleeq2.3.6
moodle/moodleeq2.4.8
moodle/moodleeq2.3.4

Rows per page:

1-10 of 321

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223

openwall.com/lists/oss-security/2014/07/21/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb

github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947

github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e

github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f

github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865

github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853

github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654

github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789

github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae

github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14

github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9

github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2

github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512

github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264

github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085

github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e

github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8

moodle.org/mod/forum/discuss.php?d=264273

nvd.nist.gov/vuln/detail/CVE-2014-3551

web.archive.org/web/20200228170658/www.securityfocus.com/bid/68763

5.3 Medium

AI Score

Confidence

High

3.5 Low

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:S/C:N/I:P/A:N

0.001 Low

EPSS

Percentile

41.0%

Related for OSV:GHSA-M8F5-9WG8-2C3H

veracode1 prion1 cvelist1 ubuntucve1 github1 cve1 nessus4 mageia1 openvas6 fedora5