Lucene search
Ubuntu.comUB:CVE-2015-3174HistoryJun 01, 2015 - 12:00 a.m.
CVE-2015-3174
2015-06-0100:00:00
ubuntu.com
ubuntu.com
11
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
0.002
Percentile
54.0%
mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x
before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for
graders, which allows remote authenticated users to conduct cross-site
scripting (XSS) attacks via crafted gradebook feedback during manual quiz
grading.
Related
cvelist
cvelist
CVE-2015-3174
2015-06-01 19:00:00
github
github
Moodle does not set the RISK_XSS bit for graders
2022-05-13 01:12:45
veracode
veracode
Cross-Site Scripting (XSS)
2017-07-27 03:18:22
nvd
nvd
CVE-2015-3174
2015-06-01 19:59:17
cve
cve
CVE-2015-3174
2015-06-01 19:59:17
osv
osv
Moodle does not set the RISK_XSS bit for graders
2022-05-13 01:12:45
prion
prion
Cross site scripting
2015-06-01 19:59:00
openvas
openvas
Mageia: Security Advisory (MGASA-2015-0229)
2022-01-28 00:00:00
Fedora Update for moodle FEDORA-2015-14996
2015-09-16 00:00:00
Fedora Update for moodle FEDORA-2015-14988
2015-09-16 00:00:00
nessus
nessus
Moodle 2.6.x < 2.6.11 / 2.7.x < 2.7.8 Multiple Vulnerabilities
2016-07-21 00:00:00
Moodle 2.8.x < 2.8.6 Multiple Vulnerabilities
2016-07-21 00:00:00
Fedora 23 : moodle-2.9.1-1.fc23 (2015-14987)
2015-09-21 00:00:00
mageia
mageia
Updated moodle packages fix security vulnerabilities
2015-05-18 22:08:05
fedora
fedora
[SECURITY] Fedora 21 Update: moodle-2.7.9-1.fc21
2015-09-15 21:22:02
[SECURITY] Fedora 22 Update: moodle-2.8.7-1.fc22
2015-09-15 19:54:05
[SECURITY] Fedora 23 Update: moodle-2.9.1-1.fc23
2015-09-18 19:33:20
CVSS2
3.5
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:S/C:N/I:P/A:N
EPSS
0.002
Percentile
54.0%
Related for UB:CVE-2015-3174