Search for vulnerabilities
Vulnerability details: VCID-4k5d-kee9-zqhv
Vulnerability ID VCID-4k5d-kee9-zqhv
Aliases CVE-2014-9059
GHSA-crcq-pw8h-9xwf
Summary Moodle does not provide charset information in HTTP headers lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2014-9059
epss 0.0032 https://api.first.org/data/v1/epss?cve=CVE-2014-9059
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-crcq-pw8h-9xwf
generic_textual MODERATE https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42
generic_textual MODERATE https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a
generic_textual MODERATE https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0
generic_textual MODERATE https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=275146
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2014-9059
generic_textual MODERATE https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
generic_textual MODERATE https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133
generic_textual MODERATE http://www.securitytracker.com/id/1031215
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
https://api.first.org/data/v1/epss?cve=CVE-2014-9059
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42
https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a
https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0
https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6
https://moodle.org/mod/forum/discuss.php?d=275146
https://nvd.nist.gov/vuln/detail/CVE-2014-9059
https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133
http://www.securitytracker.com/id/1031215
GHSA-crcq-pw8h-9xwf https://github.com/advisories/GHSA-crcq-pw8h-9xwf
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.54418
EPSS Score 0.0032
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:27:58.741169+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-crcq-pw8h-9xwf/GHSA-crcq-pw8h-9xwf.json 36.1.3