Cross-Site Scripting Vulnerability in Moodle 3.x Assignment Submission Page
CVE-2017-2578

6.1MEDIUM

Key Information:

Vendor: Moodle
Status: Moodle 3.x
Vendor: CVE Published:; 20 January 2017

Summary

A Cross-Site Scripting (XSS) vulnerability exists in Moodle 3.x that affects the assignment submission page. This flaw allows an attacker to inject malicious scripts, which can be executed in the context of a user’s session. When users interact with the compromised page, their sensitive information may be exposed. It is crucial for administrators using affected versions of Moodle to apply security measures promptly to protect users from potential exploits.

Affected Version(s)

Moodle 3.x Moodle 3.x

References

https://moodle.org/mod/forum/discuss.php?d=345915

x_refsource_CONFIRM

http://www.securityfocus.com/bid/95647

vdb-entryx_refsource_BID

CVSS V3.1

Score:

6.1

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
Jan 20, 2017
Vulnerability Reserved
Dec 1, 2016