VDB
CVE-2014-3544
CVE-2014-3544
PUBLISHED
CVSS 3.5 LOW
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
EPSS 0.82% · 74.7th percentile
Risk Scores
CVSS 2.0
3.5
EPSS Score
0.82%
74.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| moodle | moodle | 0, 2.5.0, 2.7.0 |
| n/a | n/a | n/a |
| moodle | moodle | 2.4.8, 2.4.9, 0 |
Exploit Intelligence
- Реализация использования уязвимости Moodle CVE-2014-3544. (github-poc)
- Реализация использования уязвимости Moodle CVE-2014-3544. (github-poc)
- Реализация использования уязвимости Moodle CVE-2014-3544. (github-poc)
- Реализация использования уязвимости Moodle CVE-2014-3544. (github-poc)
- Реализация использования уязвимости Moodle CVE-2014-3544. (github-poc)
- [oss-security] 20140721 Moodle security notifications public (circl)
- 68756 (circl)
- https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d (circl)
- https://moodle.org/mod/forum/discuss.php?d=264265 (circl)
- 109337 (circl)
…and 4 more exploits
Timeline
- Jul 29, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- [oss-security] 20140721 Moodle security notifications public mailing-list
- http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/ url
- http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683 url
- http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html url
- 34169 exploit
- 109337 vdb
- 68756 vdb
- https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d url
- https://moodle.org/mod/forum/discuss.php?d=264265 url
- https://nvd.nist.gov/vuln/detail/CVE-2014-3544 advisory
- https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9 url
- https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9 url
- https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74 url
- https://github.com/moodle/moodle package
- http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss url