CVE-2014-3548
Moodle < 2.3.11, 2.4.x < 2.4.11, 2.5.x < 2.5.7, 2.6.x < 2.6.4, 2.7.x < 2.7.1 - XSS via AJAX Exception Dialog
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
References (4)
Mailing List (mailing-list, x_refsource_mlist): http://openwall.com/lists/oss-security/2014/07/21/1
Patch (x_refsource_confirm): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/68766
Vendor Advisory (x_refsource_confirm): https://moodle.org/mod/forum/discuss.php?d=264270
Scores
EPSS: 0.0026
EPSS Percentile: 49.0%
Details
CWE: CWE-79
Status: published
Products (36)
moodle/moodle 2.3.0
moodle/moodle 2.3.1
moodle/moodle 2.3.2
moodle/moodle 2.3.3
moodle/moodle 2.3.4
moodle/moodle 2.3.5
moodle/moodle 2.3.6
moodle/moodle 2.3.7
moodle/moodle 2.3.8
moodle/moodle 2.3.9
... and 26 more
Published: Jul 29, 2014
Tracked Since: Feb 18, 2026