CVE-2015-3275

MEDIUM

Moodle <2.6.11, <2.7.9, <2.8.7, <2.9.1 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.

References (4)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id/1032877

[Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=316665

[Mailing List] http://openwall.com/lists/oss-security/2015/07/13/2

Scores

CVSS v3 6.1

EPSS 0.0026

EPSS Percentile 48.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (22)

moodle/moodle < 2.6.11

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

moodle/moodle

... and 7 more

Timeline

Published Feb 22, 2016

Tracked Since Feb 18, 2026