Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-2y3m-yuaj-vkf2
Vulnerability ID VCID-2y3m-yuaj-vkf2
Aliases CVE-2015-2273
GHSA-w77v-xpxr-c6pv
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
http://openwall.com/lists/oss-security/2015/03/16/1
https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e
https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7
https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f
https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b
https://moodle.org/mod/forum/discuss.php?d=307387
CVE-2015-2273 https://nvd.nist.gov/vuln/detail/CVE-2015-2273
GHSA-w77v-xpxr-c6pv https://github.com/advisories/GHSA-w77v-xpxr-c6pv
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:31.712846+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-2273.yml 38.6.0