Description

Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.

Remediation

References

CVE-2015-3274

Related Vulnerabilities

OpenSSL Resource Management Errors Vulnerability (CVE-2014-3507)

Jenkins Improper Authentication Vulnerability (CVE-2014-2062)

WordPress 4.1.x Multiple Vulnerabilities (4.1 - 4.1.33)

Joomla Other Vulnerability (CVE-2006-1027)

WordPress Plugin Catch Scroll Progress Bar Security Bypass (1.5)

Severity

Medium

Classification

CVE-2015-3274 CWE-707 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities