Acunetix DAST powers runtime capabilities for Invicti’s complete AppSec platform. Visit Invicti for more.

WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-5336)

Description

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

Remediation

References

Related Vulnerabilities

MySQL CVE-2017-3308 Vulnerability (CVE-2017-3308)

MySQL Improper Privilege Management Vulnerability (CVE-2017-3257)

WordPress Plugin WoWPth Cross-Site Scripting (2.0)

WordPress Plugin Login Logout Menu Multiple Cross-Site Scripting Vulnerabilities (1.3.3)

WordPress Plugin RK Responsive Contact Form SQL Injection (1.0.0)

Severity

Medium

Classification

CVE-2015-5336 CWE-707 CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities