Lucene search

K

GoogleOSV:GHSA-W77V-XPXR-C6PV

HistoryMay 13, 2022 - 1:12 a.m.

Moodle cross-site scripting (XSS) vulnerability

2022-05-1301:12:45

Google

osv.dev

9

moodle

cross-site scripting

xss

vulnerability

quiz

statistics

remote users

web script

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

39.8%

Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364

openwall.com/lists/oss-security/2015/03/16/1

github.com/moodle/moodle

github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e

github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7

github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f

github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b

moodle.org/mod/forum/discuss.php?d=307387

nvd.nist.gov/vuln/detail/CVE-2015-2273

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

39.8%

Related for OSV:GHSA-W77V-XPXR-C6PV

cvelist1 ubuntucve1 prion1 nvd1 cve1 veracode1 github1 nessus4 fedora3 mageia1 openvas4