Main Vulnerability Database Vulnerabilities #VU40459

Cross-site scripting in Moodle - CVE-2015-5336

Published: February 22, 2016 / Updated: August 9, 2020

Vulnerability identifier: #VU40459

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Clear

CVE-ID: CVE-2015-5336

CWE-ID: CWE-79

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: moodle.org

Affected software:
Moodle

Detailed vulnerability description

The vulnerability allows a remote authenticated user to read and manipulate data.

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

How to mitigate CVE-2015-5336

Install update from vendor's website.

Sources

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
https://moodle.org/mod/forum/discuss.php?d=323231

Cross-site scripting in Moodle - CVE-2015-5336

Detailed vulnerability description

How to mitigate CVE-2015-5336

Sources

Please verify you're human