Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1tOGY1LTl3ZzgtMmMzaM30HA
Moodle multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Permalink: https://github.com/advisories/GHSA-m8f5-9wg8-2c3h
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1tOGY1LTl3ZzgtMmMzaM30HA
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Low
Classification: General
Published: about 2 years ago
Updated: 4 months ago
Identifiers: GHSA-m8f5-9wg8-2c3h, CVE-2014-3551
References:
- https://nvd.nist.gov/vuln/detail/CVE-2014-3551
- https://moodle.org/mod/forum/discuss.php?d=264273
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
- http://openwall.com/lists/oss-security/2014/07/21/1
- https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
- https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
- https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
- https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
- https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
- https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
- https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
- https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
- https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
- https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
- https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
- https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
- https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
- https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
- https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
- https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
- https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
- https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763
- https://github.com/advisories/GHSA-m8f5-9wg8-2c3h
Blast Radius: 0.0
Affected Packages
packagist:moodle/moodle
Dependent packages: 3
Dependent repositories: 26
Downloads: 54,247 total
Affected Version Ranges: >= 2.7.0, < 2.7.1; >= 2.6.0, < 2.6.4; >= 2.5.0, < 2.5.7; < 2.4.11
Fixed in: 2.7.1, 2.6.4, 2.5.7, 2.4.11
All affected versions: 2.3.4, 2.3.5, 2.3.6, 2.3.7, 2.3.8, 2.3.9, 2.3.10, 2.3.11, 2.4.0, 2.4.1, 2.4.2, 2.4.3, 2.4.4, 2.4.5, 2.4.6, 2.4.7, 2.4.8, 2.4.9, 2.4.10, 2.5.0, 2.5.1, 2.5.2, 2.5.3, 2.5.4, 2.5.5, 2.5.6, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.7.0
All unaffected versions: 2.4.11, 2.5.7, 2.5.8, 2.5.9, 2.6.4, 2.6.5, 2.6.6, 2.6.7, 2.6.8, 2.6.9, 2.6.10, 2.6.11, 2.7.1, 2.7.2, 2.7.3, 2.7.4, 2.7.5, 2.7.6, 2.7.7, 2.7.8, 2.7.9, 2.7.10, 2.7.11, 2.7.12, 2.7.13, 2.7.14, 2.7.15, 2.7.16, 2.7.17, 2.7.18, 2.7.19, 2.7.20, 2.8.0, 2.8.1, 2.8.2, 2.8.3, 2.8.4, 2.8.5, 2.8.6, 2.8.7, 2.8.8, 2.8.9, 2.8.10, 2.8.11, 2.8.12, 2.9.0, 2.9.1, 2.9.2, 2.9.3, 2.9.4, 2.9.5, 2.9.6, 2.9.7, 2.9.8, 2.9.9, 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.1.0, 3.1.1, 3.1.2, 3.1.3, 3.1.4, 3.1.5, 3.1.6, 3.1.7, 3.1.8, 3.1.9, 3.1.10, 3.1.11, 3.1.12, 3.1.13, 3.1.14, 3.1.15, 3.1.16, 3.1.17, 3.1.18, 3.2.0, 3.2.1, 3.2.2, 3.2.3, 3.2.4, 3.2.5, 3.2.6, 3.2.7, 3.2.8, 3.2.9, 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.3.4, 3.3.5, 3.3.6, 3.3.7, 3.3.8, 3.3.9, 3.4.0, 3.4.1, 3.4.2, 3.4.3, 3.4.4, 3.4.5, 3.4.6, 3.4.7, 3.4.8, 3.4.9, 3.5.0, 3.5.1, 3.5.2, 3.5.3, 3.5.4, 3.5.5, 3.5.6, 3.5.7, 3.5.8, 3.5.9, 3.5.10, 3.5.11, 3.5.12, 3.5.13, 3.5.14, 3.5.15, 3.5.16, 3.5.17, 3.5.18, 3.6.0, 3.6.1, 3.6.2, 3.6.3, 3.6.4, 3.6.5, 3.6.6, 3.6.7, 3.6.8, 3.6.9, 3.6.10, 3.7.0, 3.7.1, 3.7.2, 3.7.3, 3.7.4, 3.7.5, 3.7.6, 3.7.7, 3.7.8, 3.7.9, 3.8.0, 3.8.1, 3.8.2, 3.8.3, 3.8.4, 3.8.5, 3.8.6, 3.8.7, 3.8.8, 3.8.9, 3.9.0, 3.9.1, 3.9.2, 3.9.3, 3.9.4, 3.9.5, 3.9.6, 3.9.7, 3.9.8, 3.9.9, 3.9.10, 3.9.11, 3.9.12, 3.9.13, 3.9.14, 3.9.15, 3.9.16, 3.9.17, 3.9.18, 3.9.19, 3.9.20, 3.9.21, 3.9.22, 3.9.23, 3.9.24, 3.9.25, 3.10.0, 3.10.1, 3.10.2, 3.10.3, 3.10.4, 3.10.5, 3.10.6, 3.10.7, 3.10.8, 3.10.9, 3.10.10, 3.10.11, 3.11.0, 3.11.1, 3.11.2, 3.11.3, 3.11.4, 3.11.5, 3.11.6, 3.11.7, 3.11.8, 3.11.9, 3.11.10, 3.11.11, 3.11.12, 3.11.13, 3.11.14, 3.11.15, 3.11.16, 3.11.17, 3.11.18, 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.0.8, 4.0.9, 4.0.10, 4.0.11, 4.0.12, 4.1.0, 4.1.1, 4.1.2, 4.1.3, 4.1.4, 4.1.5, 4.1.6, 4.1.7, 4.1.8, 4.1.9, 4.1.10, 4.2.0, 4.2.1, 4.2.2, 4.2.3, 4.2.4, 4.2.5, 4.2.6, 4.2.7, 4.3.0, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.4.0