GHSA-w77v-xpxr-c6pv
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w77v-xpxr-c6pv
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w77v-xpxr-c6pv/GHSA-w77v-xpxr-c6pv.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w77v-xpxr-c6pv
- Aliases
-
- CVE-2015-2273
- Published
- 2022-05-13T01:12:45Z
- Modified
- 2024-12-08T05:31:55.844120Z
- Summary
- Moodle cross-site scripting (XSS) vulnerability
- Details
-
Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statisticsquestiontable.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
- Database specific
{ "nvd_published_at": "2015-06-01T19:59:00Z", "cwe_ids": [ "CWE-79" ], "severity": "LOW", "github_reviewed": true, "github_reviewed_at": "2024-01-26T01:04:24Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2015-2273
- https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e
- https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7
- https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f
- https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b
- https://github.com/moodle/moodle
- https://moodle.org/mod/forum/discuss.php?d=307387
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
- http://openwall.com/lists/oss-security/2015/03/16/1
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.6.9
Affected versions
v2.*
v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11
v2.4.0-rc1
v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10
v2.4.11
v2.5.0-beta
v2.5.0-rc1
v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6
v2.5.7
v2.5.8
v2.5.9
v2.6.0-beta
v2.6.0-rc1
v2.6.0
v2.6.1
v2.6.2
v2.6.3
v2.6.4
v2.6.5
v2.6.6
v2.6.7
v2.6.8
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle