GHSA-2jcw-r79x-4r5v

Suggest an improvement
Source
https://github.com/advisories/GHSA-2jcw-r79x-4r5v
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-2jcw-r79x-4r5v/GHSA-2jcw-r79x-4r5v.json
JSON Data
https://api.test.osv.dev/v1/vulns/GHSA-2jcw-r79x-4r5v
Aliases
  • CVE-2015-0216
Published
2022-05-13T01:12:49Z
Modified
2024-12-08T05:28:28.045116Z
Summary
Moodle does not set the RISK_XSS bit for graders
Details

access.php in the Lesson module in Moodle 2.8.x before 2.8.2 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted essay feedback.

Database specific
{
    "nvd_published_at": "2015-06-01T19:59:00Z",
    "cwe_ids": [
        "CWE-79"
    ],
    "severity": "LOW",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-25T20:43:53Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.8.0
Fixed
2.8.2

Affected versions

v2.*

v2.8.0
v2.8.1