Description

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

Remediation

References

CVE-2015-5336

Related Vulnerabilities

Joomla Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2020-35611)

WordPress Plugin Leaky Paywall PHP Object Injection (4.9.1)

Oracle JRE CVE-2013-2466 Vulnerability (CVE-2013-2466)

Joomla! Core 3.x.x Cross-Site Scripting (3.0.0 - 3.9.18)

WordPress Plugin Loan Comparison Multiple Cross-Site Scripting Vulnerabilities (1.5.2)

Severity

Medium

Classification

CVE-2015-5336 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities