CVE-2014-3551

Moodle < 2.3.11 - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.

Exploits (1)

nomisec WRITEUP

by JavaGarcia · poc

https://github.com/JavaGarcia/CVE-2014-3551

View Code ZIP pw:eip

References (4)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223

[Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=264273

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/68763

[Mailing List] http://openwall.com/lists/oss-security/2014/07/21/1

Scores

EPSS 0.0025

EPSS Percentile 48.2%

Details

CWE

CWE-79

Status published

Products (37)

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle < 2.3.11

moodle/moodle

moodle/moodle

... and 27 more

Published Jul 29, 2014

Tracked Since Feb 18, 2026