fkie_nvd - fkie_cve-2015-3174

fkie_cve-2015-3174

Vulnerability from fkie_nvd

Published

2015-06-01 19:59

Modified

2025-04-12 10:46

Severity ?

Summary

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.

References

URL	Tags
secalert@redhat.com	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941
secalert@redhat.com	http://openwall.com/lists/oss-security/2015/05/18/1
secalert@redhat.com	http://www.securityfocus.com/bid/74719
secalert@redhat.com	http://www.securitytracker.com/id/1032358
secalert@redhat.com	https://moodle.org/mod/forum/discuss.php?d=313681	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941
af854a3a-2127-422b-91ae-364da2661108	http://openwall.com/lists/oss-security/2015/05/18/1
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74719
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032358
af854a3a-2127-422b-91ae-364da2661108	https://moodle.org/mod/forum/discuss.php?d=313681	Vendor Advisory

Impacted products

Vendor	Product	Version
moodle	moodle	*
moodle	moodle	2.5.0
moodle	moodle	2.5.1
moodle	moodle	2.5.2
moodle	moodle	2.5.3
moodle	moodle	2.5.4
moodle	moodle	2.5.5
moodle	moodle	2.5.6
moodle	moodle	2.5.7
moodle	moodle	2.5.8
moodle	moodle	2.6.0
moodle	moodle	2.6.1
moodle	moodle	2.6.2
moodle	moodle	2.6.3
moodle	moodle	2.6.4
moodle	moodle	2.6.5
moodle	moodle	2.6.6
moodle	moodle	2.6.7
moodle	moodle	2.6.8
moodle	moodle	2.6.9
moodle	moodle	2.6.10
moodle	moodle	2.7.0
moodle	moodle	2.7.1
moodle	moodle	2.7.2
moodle	moodle	2.7.3
moodle	moodle	2.7.4
moodle	moodle	2.7.5
moodle	moodle	2.7.6
moodle	moodle	2.7.7
moodle	moodle	2.8.0
moodle	moodle	2.8.1
moodle	moodle	2.8.2
moodle	moodle	2.8.3
moodle	moodle	2.8.4
moodle	moodle	2.8.5

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F79402-5EA5-42D8-8292-8C71C8BA748F",
              "versionEndIncluding": "2.5.9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "CD1B5B42-ECA9-4888-B18E-AD8D282311DB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EF03304-032C-4E85-A802-7CDAC89216FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "311BEFF3-A58A-4CA8-BE09-F8D081EA13A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7D2A1F8-82FF-4C1A-A872-71D93874EEAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E79BB0-6017-441C-9B10-00E55FDF0986",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA845882-C0F4-4522-94B2-9AA21A08887A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "48F341A8-0AC8-4033-8C99-0249B7289F9E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CE1A520-762B-4A35-8075-ED4ECA0A1CB3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.5.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "9803CBE2-80A6-47EB-A782-CC8F1E66FBD9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "05112EC5-3AAA-499B-8763-345187529C09",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "71407960-077B-4407-B249-789436687D91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "72728F94-D408-4CAD-A214-800B1D1C7971",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "33C1E9B5-6B2B-4230-92F2-EC0FB307ECF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6925A366-37EB-41ED-85C8-B56D6A93D4EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6400F9D-9654-444F-9EBB-0F73025AD744",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "66ED87A3-8237-4182-BEF5-052346067737",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "57441C51-2ADB-48B9-A655-82D6B1071C26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8D7276-415B-4394-8CBE-53EB40B8C5BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "65CA6C47-3E85-4639-9E04-E9E63D0CED06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.6.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "105490A4-7F97-467C-9015-069CE25980EB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4E051AAC-EB40-491F-AF0E-EE8143C12567",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "FADBE87F-1855-453B-B958-0CB8A7908A06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B53A7D2-BDA2-4185-97C3-977A04876A37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A51DFFA8-DFF0-429C-B697-F82F41621FEE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "19FD1565-0DA1-4BA8-A501-86F13D3D29ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D82CFE8-C38D-4FF3-BC4F-6C27AD64D9A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB754AF-3DA4-4459-A53B-3BC7B78CE313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "F57E8383-C3F3-480C-B9A9-49633DAAEC18",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "12737AF4-B2D5-4661-B06A-6A06FE95EC2D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "88C59A94-D225-478A-B23E-41C4324BC643",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "192EA69B-A1E1-4E0D-8E73-76EB74CCDE49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D88385B1-EEFB-4825-BD8F-215C39FD86DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3BE2782-D167-4237-B57D-2E4C04571524",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "F277F979-12FA-47A5-B0A5-D174C2127A7D",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading."
    },
    {
      "lang": "es",
      "value": "mod/quiz/db/access.php en Moodle hasta 2.5.9, 2.6.x anterior a 2.6.11, 2.7.x anterior a 2.7.8, y 2.8.x anterior a 2.8.6 no configura el bit RISK_XSS para graduadores, lo que permite a usuarios remotos autenticados realizar ataques de XSS a trav\u00e9s de comentarios (feedback) manipulados del libro de notas durante la graduaci\u00f3n manual de cuestionarios."
    }
  ],
  "id": "CVE-2015-3174",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 3.5,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 6.8,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-06-01T19:59:17.243",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-49941"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://openwall.com/lists/oss-security/2015/05/18/1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/74719"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id/1032358"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=313681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.moodle.org/gw?p=moodle.git\u0026a=search\u0026h=HEAD\u0026st=commit\u0026s=MDL-49941"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2015/05/18/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74719"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032358"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=313681"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2015-3174 (GCVE-0-2015-3174)

Vulnerability from cvelistv5

Published

2015-06-01 19:00