CVE-2012-3396
Moodle 2.0.x-2.0.10, 2.1.x-2.1.7, 2.2.x-2.2.4, 2.3.x-2.3.1 - XSS via Cohort ID Field
Title source: llmDescription
Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49890
Patch x_refsource_confirm
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-34045
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/07/17/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/54481
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/76962
Scores
EPSS
0.0021
EPSS Percentile
42.9%
Details
CWE
CWE-79
Status
published
Products (22)
moodle/moodle
2.0.0
moodle/moodle
2.0.1
moodle/moodle
2.0.2
moodle/moodle
2.0.3
moodle/moodle
2.0.4
moodle/moodle
2.0.5
moodle/moodle
2.0.6
moodle/moodle
2.0.7
moodle/moodle
2.0.8
moodle/moodle
2.0.9
... and 12 more
Published
Jul 23, 2012
Tracked Since
Feb 18, 2026