Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-czph-uxwr-5uge

Summary

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.

Aliases

alias	CVE-2014-3547

alias	GHSA-hwjv-mc78-cccj

Fixed_packages

url	pkg:composer/moodle/moodle@2.5.7
purl	pkg:composer/moodle/moodle@2.5.7
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7

url	pkg:composer/moodle/moodle@2.6.4
purl	pkg:composer/moodle/moodle@2.6.4
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4

url	pkg:composer/moodle/moodle@2.7.1
purl	pkg:composer/moodle/moodle@2.7.1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1

Affected_packages

url pkg:composer/moodle/moodle@2.5.0

purl pkg:composer/moodle/moodle@2.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ehh-qz6c-ykhp

vulnerability	VCID-1whm-dsv7-t7gm

vulnerability	VCID-4v57-bu85-syhr

vulnerability	VCID-4xqt-yugc-qufr

vulnerability	VCID-5ru2-1n1f-afa4

vulnerability	VCID-6v43-drd7-ufd7

vulnerability	VCID-7g7m-bu5q-gbcx

vulnerability	VCID-88pw-zwqn-cqfd

vulnerability	VCID-cvqm-kjhx-q7ej

vulnerability	VCID-czph-uxwr-5uge

vulnerability	VCID-ea5s-xphb-6ub7

vulnerability	VCID-gdz8-d8j3-nqdh

vulnerability	VCID-h8xn-n98n-qqdv

vulnerability	VCID-j3t3-svwb-p7bn

vulnerability	VCID-q3wv-9hj6-vbgt

vulnerability	VCID-qpu2-8paz-7ydv

vulnerability	VCID-qxyw-7hnt-hqd6

vulnerability	VCID-r88h-mteg-yka9

vulnerability	VCID-rdfn-52p2-afa7

vulnerability	VCID-s5cy-eva4-wbaf

vulnerability	VCID-ucg8-htfc-2bhn

vulnerability	VCID-vrfy-36yc-muhr

vulnerability	VCID-vs2j-b4qg-nbgu

vulnerability	VCID-vwyj-z4gf-8fg5

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.0

url pkg:composer/moodle/moodle@2.6.0

purl pkg:composer/moodle/moodle@2.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ehh-qz6c-ykhp

vulnerability	VCID-1rar-m2g3-27ag

vulnerability	VCID-1whm-dsv7-t7gm

vulnerability	VCID-29yj-e9bd-queq

vulnerability	VCID-3xwm-hqap-8bct

vulnerability	VCID-4v57-bu85-syhr

vulnerability	VCID-4xqt-yugc-qufr

vulnerability	VCID-5c29-qn3p-3yde

vulnerability	VCID-5ru2-1n1f-afa4

vulnerability	VCID-6v43-drd7-ufd7

vulnerability	VCID-7g7m-bu5q-gbcx

vulnerability	VCID-7x8g-tdd5-kqbs

vulnerability	VCID-88pw-zwqn-cqfd

vulnerability	VCID-8q4n-d565-kfbn

vulnerability	VCID-bfmx-cwap-8yhp

vulnerability	VCID-cvqm-kjhx-q7ej

vulnerability	VCID-czph-uxwr-5uge

vulnerability	VCID-ea5s-xphb-6ub7

vulnerability	VCID-fs9k-21es-rygd

vulnerability	VCID-fumj-9pun-zfc5

vulnerability	VCID-gdz8-d8j3-nqdh

vulnerability	VCID-h8xn-n98n-qqdv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-hck4-emsr-q7dc

vulnerability	VCID-j3t3-svwb-p7bn

vulnerability	VCID-krn6-pwk5-ake2

vulnerability	VCID-kzwd-2e6n-fkbm

vulnerability	VCID-q3wv-9hj6-vbgt

vulnerability	VCID-qpu2-8paz-7ydv

vulnerability	VCID-qxyw-7hnt-hqd6

vulnerability	VCID-r88h-mteg-yka9

vulnerability	VCID-rdfn-52p2-afa7

vulnerability	VCID-s5cy-eva4-wbaf

vulnerability	VCID-ucg8-htfc-2bhn

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-uvgt-7m5a-xkdc

vulnerability	VCID-v4qm-48kk-pfaz

vulnerability	VCID-v7zm-cw8w-6yf8

vulnerability	VCID-vda3-4fgr-gfbw

vulnerability	VCID-vrfy-36yc-muhr

vulnerability	VCID-vs2j-b4qg-nbgu

vulnerability	VCID-vwyj-z4gf-8fg5

vulnerability	VCID-xnmk-jah2-ufce

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.0

url pkg:composer/moodle/moodle@2.7.0

purl pkg:composer/moodle/moodle@2.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1ehh-qz6c-ykhp

vulnerability	VCID-1rar-m2g3-27ag

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-29yj-e9bd-queq

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-2y3m-yuaj-vkf2

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3xwm-hqap-8bct

vulnerability	VCID-46jw-xjbu-b3f1

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5c29-qn3p-3yde

vulnerability	VCID-5nfq-4syg-87da

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-5vx4-qtb2-fqe9

vulnerability	VCID-62yh-cpfr-9bb1

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-8q4n-d565-kfbn

vulnerability	VCID-95mq-m2jz-a3ab

vulnerability	VCID-9z66-z9af-17f7

vulnerability	VCID-a3pu-x51u-1udr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-aqc8-tmeg-9fdd

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-bfmx-cwap-8yhp

vulnerability	VCID-czph-uxwr-5uge

vulnerability	VCID-d3yp-gq4c-vyf8

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-ea5s-xphb-6ub7

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fumj-9pun-zfc5

vulnerability	VCID-g4hn-yz26-1beb

vulnerability	VCID-gvan-87dt-b7fp

vulnerability	VCID-h8xn-n98n-qqdv

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-hck4-emsr-q7dc

vulnerability	VCID-j11s-2mhg-pfdn

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-krn6-pwk5-ake2

vulnerability	VCID-kzwd-2e6n-fkbm

vulnerability	VCID-n9uc-b76m-8fbs

vulnerability	VCID-nfdb-m7rg-47ca

vulnerability	VCID-qxyw-7hnt-hqd6

vulnerability	VCID-r3f7-9paf-83ht

vulnerability	VCID-r88h-mteg-yka9

vulnerability	VCID-rdfn-52p2-afa7

vulnerability	VCID-rscq-xx52-2ua8

vulnerability	VCID-s3bw-w61k-eqhy

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-s5cy-eva4-wbaf

vulnerability	VCID-tmwc-f872-mufw

vulnerability	VCID-ucg8-htfc-2bhn

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-uvgt-7m5a-xkdc

vulnerability	VCID-v4qm-48kk-pfaz

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-v7zm-cw8w-6yf8

vulnerability	VCID-vda3-4fgr-gfbw

vulnerability	VCID-vs2j-b4qg-nbgu

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-wavt-rrws-3yhs

vulnerability	VCID-wawr-t9dc-33fj

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xnmk-jah2-ufce

vulnerability	VCID-xy2y-yxfu-xfgm

vulnerability	VCID-y2vh-7r7h-9ugu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0

References

reference_url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042

reference_url

http://openwall.com/lists/oss-security/2014/07/21/1

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://openwall.com/lists/oss-security/2014/07/21/1

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2014-3547

reference_id

reference_type

scores

value	0.00285
scoring_system	epss
scoring_elements	0.52191
published_at	2026-06-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2014-3547

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88

reference_url

https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7

reference_url

https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987

reference_url

https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234

reference_url

https://moodle.org/mod/forum/discuss.php?d=264269

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=264269

reference_url

http://www.securityfocus.com/bid/68758

reference_id

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/68758

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2014-3547

reference_id

CVE-2014-3547

reference_type

scores

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2014-3547

reference_url	https://github.com/advisories/GHSA-hwjv-mc78-cccj
reference_id	GHSA-hwjv-mc78-cccj
reference_type
scores
url	https://github.com/advisories/GHSA-hwjv-mc78-cccj

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	79
name	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
description	The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-czph-uxwr-5uge

Vulnerability Instance