Home > Vulnerability Database > CVE-2015-3178

Mend.io Vulnerability Database

CVE-2015-3178

Good to know:

Date: June 1, 2015

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

Language: PHP

Severity Score

5.0

Related Resources (7)

Url: https://moodle.org/mod/forum/discuss.php?d=313685

Url: http://www.securityfocus.com/bid/74726

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3178

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718

Url: http://www.securitytracker.com/id/1032358

Url: http://openwall.com/lists/oss-security/2015/05/18/1

Url: https://www.mend.io/vulnerability-database/CVE-2015-3178

Severity Score

5.0

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 2.6.11,2.7.8,2.8.6

Learn More

CVSS v3

Base Score:	5.0
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	9.8
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-3178

Good to know:

Date: June 1, 2015

Language: PHP

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?