CVE-2013-4341

Moodle < 2.2.11 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or HTML via a crafted blog link within an RSS feed.

Exploits (2)

metasploit · WORKING POC · EXCELLENT
ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/moodle_spelling_binary_rce.rb
exploitdb · WORKING POC
by Ciaran McNally · text · webapps · php
https://www.exploit-db.com/exploits/28174

Scores

EPSS 0.0771
EPSS Percentile 91.8%

Details

CWE
CWE-79
Status published
Products (19)
moodle/moodle < 2.2.11
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
moodle/moodle
... and 9 more
Published Sep 16, 2013
Tracked Since Feb 18, 2026