CVE-2015-3174
Published: Jun 1, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
- 1032358 (vdb-entry, x_refsource_SECTRACK)
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941 (x_refsource_CONFIRM)
- https://moodle.org/mod/forum/discuss.php?d=313681 (x_refsource_CONFIRM)
- [oss-security] 20150518 Moodle security advisories [vs] (mailing-list, x_refsource_MLIST)
- 74719 (vdb-entry, x_refsource_BID)