GHSA-6mxm-wpqv-675h

Source

https://github.com/advisories/GHSA-6mxm-wpqv-675h

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6mxm-wpqv-675h/GHSA-6mxm-wpqv-675h.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-6mxm-wpqv-675h

Aliases

CVE-2016-2152

Published

2022-05-13T01:12:38Z

Modified

2024-02-16T08:18:58.847321Z

Severity

6.1 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

Moodle XSS from profile fields from external db

Details

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

Database specific

{
    "nvd_published_at": "2016-05-22T20:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-26T20:47:42Z"
}

References

Affected packages

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.7

Fixed

2.7.13

Affected versions

v2.*

v2.7.0-beta

v2.7.0-rc1

v2.7.0-rc2

v2.7.0

v2.7.1

v2.7.2

v2.7.3

v2.7.4

v2.7.5

v2.7.6

v2.7.7

v2.7.8

v2.7.9

v2.7.10

v2.7.11

v2.7.12

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.8

Fixed

2.8.11

Affected versions

v2.*

v2.8.0-beta

v2.8.0-rc1

v2.8.0-rc2

v2.8.0

v2.8.1

v2.8.2

v2.8.3

v2.8.4

v2.8.5

v2.8.6

v2.8.7

v2.8.8

v2.8.9

v2.8.10

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

2.9

Fixed

2.9.5

Affected versions

v2.*

v2.9.0-beta

v2.9.0-rc1

v2.9.0-rc2

v2.9.0

v2.9.1

v2.9.2

v2.9.3

v2.9.4

Packagist / moodle/moodle

Package

Name: moodle/moodle
Purl: pkg:composer/moodle/moodle

Affected ranges

Type: ECOSYSTEM
Events: Introduced

3.0

Fixed

3.0.3

Affected versions

v3.*

v3.0.0-beta

v3.0.0-rc1

v3.0.0-rc2

v3.0.0-rc3

v3.0.0-rc4

v3.0.0

v3.0.1

v3.0.2