GHSA-9fmw-m4qx-6cq8
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9fmw-m4qx-6cq8
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9fmw-m4qx-6cq8/GHSA-9fmw-m4qx-6cq8.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9fmw-m4qx-6cq8
- Aliases
-
- CVE-2015-3178
- Published
- 2022-05-13T01:12:46Z
- Modified
- 2024-12-08T05:34:58.375694Z
- Summary
- Moodle cross-site scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in the externalformattext function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
- Database specific
{ "nvd_published_at": "2015-06-01T19:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-01-26T01:05:29Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-3178
- https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
- https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
- https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
- https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
- https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
- https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=313685
- https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726
- https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
- http://openwall.com/lists/oss-security/2015/05/18/1
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.11
Affected versions
v2.*
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.4.0-rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.4.11
v2.5.0-beta
v2.5.0-rc1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0-beta
v2.6.0-rc1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
v2.6.9
v2.6.10
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle