Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2015-5336

Date: February 21, 2016

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

Language: PHP

Severity Score

Related Resources (12)

https://moodle.org/mod/forum/discuss.php?d=323231
https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
https://nvd.nist.gov/vuln/detail/CVE-2015-5336
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
https://www.mend.io/vulnerability-database/CVE-2015-5336

Severity Score

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): LOW
Privileges Required (PR): LOW
User Interaction (UI): REQUIRED
Scope (S): CHANGED
Confidentiality (C): LOW
Integrity (I): LOW
Availability (A): NONE

CVSS v2

Base Score:
Access Vector (AV): NETWORK
Access Complexity (AC): MEDIUM
Authentication (AU): SINGLE
Confidentiality (C): NONE
Integrity (I): PARTIAL
Availability (A): NONE
Additional information:

Do you need more information?

Contact Us