Home > Vulnerability Database > CVE-2016-2152

Mend.io Vulnerability Database

CVE-2016-2152

Date: May 22, 2016

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

Language: PHP

Severity Score

6.1

Related Resources (17)

Url: https://github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055

Url: https://nvd.nist.gov/vuln/detail/CVE-2016-2152

Url: https://github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b

Url: http://www.openwall.com/lists/oss-security/2016/03/21/1

Url: https://github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349

Url: https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705

Url: https://github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897

Url: https://github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657

Url: https://github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1

Url: http://www.securitytracker.com/id/1035333

Url: https://github.com/moodle/moodle

Url: https://github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d

Url: https://moodle.org/mod/forum/discuss.php?d=330174

Url: https://github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c

Url: https://github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20

Url: https://www.mend.io/vulnerability-database/CVE-2016-2152

Severity Score

6.1

Weakness Type (CWE)

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CWE-79

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2016-2152

Date: May 22, 2016

Language: PHP

Severity Score

Related Resources (17)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?