VulnerableCode Vulnerability Details - VCID-2dzy-4vcd-a7a9

Search for vulnerabilities

Vulnerability details: VCID-2dzy-4vcd-a7a9

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-2dzy-4vcd-a7a9
Aliases	CVE-2014-0218 GHSA-ch68-5r37-p7c3
Summary	Moodle cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/05/19/1
epss	0.00256	https://api.first.org/data/v1/epss?cve=CVE-2014-0218
epss	0.00256	https://api.first.org/data/v1/epss?cve=CVE-2014-0218
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-ch68-5r37-p7c3
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/5c276a4c324b5137064496d6dd68e71476015fcd
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/729783c4ba971413198f30784b48e3f2107a8da6
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/b8a6f7d19d623bcf992d8ecda94324100bc50e9d
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/c5e8a036c509197bb2927f47c0579992be479f35
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=260366
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-0218
generic_textual	MODERATE	https://web.archive.org/web/20141224120458/http://www.securityfocus.com/bid/67479

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45332
		http://openwall.com/lists/oss-security/2014/05/19/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-0218
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/5c276a4c324b5137064496d6dd68e71476015fcd
		https://github.com/moodle/moodle/commit/729783c4ba971413198f30784b48e3f2107a8da6
		https://github.com/moodle/moodle/commit/b8a6f7d19d623bcf992d8ecda94324100bc50e9d
		https://github.com/moodle/moodle/commit/c5e8a036c509197bb2927f47c0579992be479f35
		https://moodle.org/mod/forum/discuss.php?d=260366
		https://nvd.nist.gov/vuln/detail/CVE-2014-0218
		https://web.archive.org/web/20141224120458/http://www.securityfocus.com/bid/67479
GHSA-ch68-5r37-p7c3		https://github.com/advisories/GHSA-ch68-5r37-p7c3

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.48838
EPSS Score	0.00256
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:03.556811+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-ch68-5r37-p7c3/GHSA-ch68-5r37-p7c3.json	36.1.3