CVE-2014-3544
LABMoodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - Stored XSS via Skype ID
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2014-3544. PoCs published by Osanda Malith Jayathissa, aforesaid.
AI-analyzed exploit summary This exploit demonstrates a persistent XSS vulnerability in Moodle 2.7 by injecting a malicious payload into the Skype ID field of a user profile. The payload triggers when the profile is viewed, executing arbitrary JavaScript.
Description
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
Exploits (2)
This exploit demonstrates a persistent XSS vulnerability in Moodle 2.7 by injecting a malicious payload into the Skype ID field of a user profile. The payload triggers when the profile is viewed, executing arbitrary JavaScript.
This repository contains a proof-of-concept exploit for CVE-2014-3544, targeting Moodle. The exploit involves session validation and manipulation, with functionality to add and manage user accounts via API endpoints.