Description

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

Remediation

References

CVE-2015-5336

Related Vulnerabilities

Oracle HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)

WordPress Plugin Frontend Uploader Cross-Site Scripting (1.3.2)

WordPress Plugin Embed Any Document-Embed PDF, Word, PowerPoint and Excel Files Cross-Site Scripting (2.7.1)

WordPress Plugin Comment Rating 'id' Parameter SQL Injection (2.9.23)

Oracle Application Server CVE-2008-1824 Vulnerability (CVE-2008-1824)

Severity

Medium

Classification

CVE-2015-5336 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:N/VI:L/VA:N/SC:L/SI:L/SA:N

Tags

Missing Update Known Vulnerabilities