CVE-2016-9188

MEDIUM

Moodle CMS <=3.1.2 - XSS

Title source: llm

Description

Cross-site scripting (XSS) vulnerabilities in Moodle CMS on or before 3.1.2 allow remote attackers to inject arbitrary web script or HTML via the s_additionalhtmlhead, s_additionalhtmltopofbody, and s_additionalhtmlfooter parameters.

References (2)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/94189

[Exploit, Third Party Advisory, VDB Entry] https://packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html

Scores

CVSS v3 6.1

EPSS 0.0037

EPSS Percentile 58.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Classification

CWE

CWE-79

Status published

Affected Products (3)

moodle/moodle < 3.1.2

moodle/moodle Packagist

n/a/n/a

Timeline

Published Nov 04, 2016

Tracked Since Feb 18, 2026