CVE-2012-3396

Moodle - XSS

Title source: rule

Description

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.

References (5)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045

[Third Party Advisory] http://secunia.com/advisories/49890

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/54481

[Mailing List] http://openwall.com/lists/oss-security/2012/07/17/1

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/76962

Scores

EPSS 0.0021

EPSS Percentile 42.9%

Classification

CWE

CWE-79

Status published

Affected Products (23)

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

... and 8 more

Timeline

Published Jul 23, 2012

Tracked Since Feb 18, 2026