CVE-2015-5336

MEDIUM

Moodle <2.6.11-2.9.3 - XSS

Title source: llm

Description

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

References (2)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940

[Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=323231

Scores

CVSS v3 5.4

EPSS 0.0019

EPSS Percentile 40.4%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status draft

Affected Products (25)

moodle/moodle < 2.6.11

moodle/moodle

... and 10 more

Timeline

Published Feb 22, 2016

Tracked Since Feb 18, 2026