Free and open-source vulnerability scanner

Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.

Install Now

Available for macOS, Windows, and Linux

CVE-2015-0216

Published

8 years ago

Last Modified

3 years ago

CVSSv2.0 Severity

Low

Impact Analysis

Share on Facebook
Share on LinkedIn
Share on Twitter

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback..

CVSSv2.0 Score

Severity: Low
Base Score: 3.5/10
Exploit Score: 6.8/10
Access Vector: Network
Access Complexity: Medium
Authentication Required: Single
Impact Score: 2.9/10
Confidentiality Impact: None
Availability Impact: None
Integrity Impact: Partial

Products Affected

CPE	Affected	Vulnerable	Excluding	Edit
cpe:2.3:a:moodle:moodle:2.8.1:::::::*	Yes	-	-
cpe:2.3:a:moodle:moodle:2.8.0:::::::*	Yes	-	-

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034
https://moodle.org/mod/forum/discuss.php?d=278616
http://openwall.com/lists/oss-security/2015/01/19/1