WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-3174)

Description

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.

Remediation

References

Related Vulnerabilities

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-2244)

WordPress Plugin AWSM Team-Team Showcase Local File Inclusion (1.3.1)

WordPress Plugin 2 Click Social Media Buttons 'xing-url' Parameter Cross-Site Scripting (0.32.2)

MediaWiki Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2022-41766)

WordPress Plugin Simpel Reserveren 3 Cross-Site Scripting (3.5.2)

Severity

Low

Classification

CVE-2015-3174 CWE-707

Tags

Missing Update Known Vulnerabilities