CVE-2014-3544

Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - Stored XSS via Skype ID


Exploitation Summary

EIP tracks 2 public exploits for CVE-2014-3544. PoCs published by Osanda Malith Jayathissa and aforesaid.

AI-analyzed exploit summary: This exploit demonstrates a persistent XSS vulnerability in Moodle 2.7 by injecting a malicious payload into the Skype ID field of a user profile. The payload triggers when the profile is viewed, executing arbitrary JavaScript.

Description

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

Exploits (2)

exploitdb WORKING POC
by Osanda Malith Jayathissa · text · webapps · php
https://www.exploit-db.com/exploits/34169

This exploit demonstrates a persistent XSS vulnerability in Moodle 2.7 by injecting a malicious payload into the Skype ID field of a user profile. The payload triggers when the profile is viewed, executing arbitrary JavaScript.

Classification: Working PoC 100%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: Moodle 2.7
Auth required
Prerequisites: Valid user account with profile edit permissions
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 1 stars
by aforesaid · poc
https://github.com/aforesaid/MoodleHack

This repository contains a proof-of-concept exploit for CVE-2014-3544, targeting Moodle. The exploit involves session validation and manipulation, with functionality to add and manage user accounts via API endpoints.

Classification: Working PoC 80%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Moodle (version not explicitly specified)
Auth required
Prerequisites: Valid Moodle session token · Access to the target Moodle instance
devstral-2 · analyzed Feb 16, 2026

References (9)

Core References
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2014/07/21/1
Exploit, Third Party Advisory (exploit, x_refsource_exploit-db): http://www.exploit-db.com/exploits/34169
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_osvdb): http://osvdb.org/show/osvdb/109337
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/68756
Vendor Advisory (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=264265

Scores

EPSS 0.0467
EPSS Percentile 90.6%

Lab Environment

COMMUNITY SUSPICIOUS
Community Lab
docker pull mcr.microsoft.com/dotnet/sdk:5.0

Details

CWE: CWE-79
Status: published
Products (36)
moodle/moodle 2.4.0
moodle/moodle 2.4.1
moodle/moodle 2.4.2
moodle/moodle 2.4.3
moodle/moodle 2.4.4
moodle/moodle 2.4.5
moodle/moodle 2.4.6
moodle/moodle 2.4.7
moodle/moodle 2.4.8
moodle/moodle 2.4.9
... and 26 more
Published: Jul 29, 2014
Tracked Since: Feb 18, 2026