VulnerableCode Vulnerability Details - VCID-8a4a-pz1v-zua5

Search for vulnerabilities

Vulnerability details: VCID-8a4a-pz1v-zua5

Essentials
Severities (16)
References (15)
Severity details (14)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-8a4a-pz1v-zua5
Aliases	CVE-2015-3178 GHSA-9fmw-m4qx-6cq8
Summary	Moodle cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
generic_textual	LOW	http://openwall.com/lists/oss-security/2015/05/18/1
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2015-3178
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2015-3178
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-9fmw-m4qx-6cq8
generic_textual	LOW	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
generic_textual	LOW	https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
generic_textual	LOW	https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
generic_textual	LOW	https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
generic_textual	LOW	https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
generic_textual	LOW	https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=313685
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2015-3178
generic_textual	LOW	https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726
generic_textual	LOW	https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
		http://openwall.com/lists/oss-security/2015/05/18/1
		https://api.first.org/data/v1/epss?cve=CVE-2015-3178
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
		https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
		https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
		https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
		https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
		https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
		https://moodle.org/mod/forum/discuss.php?d=313685
		https://nvd.nist.gov/vuln/detail/CVE-2015-3178
		https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726
		https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358
GHSA-9fmw-m4qx-6cq8		https://github.com/advisories/GHSA-9fmw-m4qx-6cq8

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.43402
EPSS Score	0.00208
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:57.413089+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-9fmw-m4qx-6cq8/GHSA-9fmw-m4qx-6cq8.json	36.1.3