Home > Vulnerability Database > CVE-2014-3551

Mend.io Vulnerability Database

CVE-2014-3551

Date: July 29, 2014

Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.

Language: PHP

Severity Score

3.1

Related Resources (25)

Url: https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763

Url: http://www.securityfocus.com/bid/68763

Url: https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2

Url: https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512

Url: https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14

Url: https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223

Url: https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853

Url: https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654

Url: https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae

Url: https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264

Url: https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f

Url: https://nvd.nist.gov/vuln/detail/CVE-2014-3551

Url: https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb

Url: https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8

Url: https://moodle.org/mod/forum/discuss.php?d=264273

Url: https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789

Url: https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e

Url: https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085

Url: https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9

Url: https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865

Url: http://openwall.com/lists/oss-security/2014/07/21/1

Url: https://www.mend.io/vulnerability-database/CVE-2014-3551

Severity Score

3.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2014-3551

Date: July 29, 2014

Language: PHP

Severity Score

Related Resources (25)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?