CVE-2014-3544

Medium

Description

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

References

https://moodle.org/mod/forum/discuss.php?d=264265

https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d

http://www.securityfocus.com/bid/68756

http://www.exploit-db.com/exploits/34169

http://osvdb.org/show/osvdb/109337

http://openwall.com/lists/oss-security/2014/07/21/1

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683

Details

Source: Mitre, NVD

Published: 2014-07-29

Updated: 2020-12-01

Risk Information

CVSS v2

Base Score: 3.5

Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N

Severity: Low

CVSS v3

Base Score: 5.4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Severity: Medium