CVE-2014-2571 — Vulnetix

CVE-2014-2571 PUBLISHED CVSS 3.5 LOW

Cross-site scripting (XSS) vulnerability in the quiz_question_tostring function in mod/quiz/editlib.php in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote authenticated users to inject arbitrary web script or HTML via a quiz question.

EPSS 0.21% · 43.4th percentile

Risk Scores

CVSS 2.0

3.5

EPSS Score

0.21%

43.4th percentile

Affected Products

Vendor	Product	Versions
moodle	moodle	0, 2.0.0, 2.0.1
n/a	n/a	*
moodle	moodle	2.5.0, 2.6.0, 0

Exploit Intelligence

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43690 (circl)
[oss-security] 20140317 Moodle security notifications public (circl)
https://moodle.org/mod/forum/discuss.php?d=256416 (circl)

Timeline

Mar 22, 2014 CVE Published
Feb 4, 2022 EPSS Score
Mar 29, 2022 EPSS Score
May 20, 2022 EPSS Score
Jul 12, 2022 EPSS Score
Sep 3, 2022 EPSS Score
Oct 26, 2022 EPSS Score
Dec 18, 2022 EPSS Score
Feb 8, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 2, 2023 EPSS Score
May 25, 2023 EPSS Score

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-43690 url
[oss-security] 20140317 Moodle security notifications public mailing-list
https://moodle.org/mod/forum/discuss.php?d=256416 url
https://nvd.nist.gov/vuln/detail/CVE-2014-2571 advisory
https://github.com/moodle/moodle/commit/217d839ded7026ed1b1280e1c296bc80a4036023 url
https://github.com/moodle/moodle/commit/5da73345fdd46cef912b229b2cfae2a26e36efd8 url
https://github.com/moodle/moodle/commit/7051f3a8828665f4fab37c8db91322fec85a64db url
https://github.com/moodle/moodle/commit/fd4b7f57399bed85db0d4066ba12c2633ce87ba3 url
https://github.com/moodle/moodle package

Open in Interactive Console →