Search for vulnerabilities
Vulnerability details: VCID-a8yx-3sca-17bp
Vulnerability ID VCID-a8yx-3sca-17bp
Aliases CVE-2014-3551
GHSA-m8f5-9wg8-2c3h
Summary Moodle multiple cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Status Published
Exploitability 0.5
Weighted Severity 2.7
Risk 1.4
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
generic_textual LOW http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
generic_textual LOW http://openwall.com/lists/oss-security/2014/07/21/1
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2014-3551
epss 0.00341 https://api.first.org/data/v1/epss?cve=CVE-2014-3551
cvssv3.1_qr LOW https://github.com/advisories/GHSA-m8f5-9wg8-2c3h
generic_textual LOW https://github.com/moodle/moodle
generic_textual LOW https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
generic_textual LOW https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
generic_textual LOW https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
generic_textual LOW https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
generic_textual LOW https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
generic_textual LOW https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
generic_textual LOW https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
generic_textual LOW https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
generic_textual LOW https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
generic_textual LOW https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
generic_textual LOW https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
generic_textual LOW https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
generic_textual LOW https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
generic_textual LOW https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
generic_textual LOW https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
generic_textual LOW https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
generic_textual LOW https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
generic_textual LOW https://moodle.org/mod/forum/discuss.php?d=264273
generic_textual LOW https://nvd.nist.gov/vuln/detail/CVE-2014-3551
generic_textual LOW https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
http://openwall.com/lists/oss-security/2014/07/21/1
https://api.first.org/data/v1/epss?cve=CVE-2014-3551
https://github.com/moodle/moodle
https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
https://moodle.org/mod/forum/discuss.php?d=264273
https://nvd.nist.gov/vuln/detail/CVE-2014-3551
https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763
GHSA-m8f5-9wg8-2c3h https://github.com/advisories/GHSA-m8f5-9wg8-2c3h
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.5609
EPSS Score 0.00341
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:29:46.655336+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-m8f5-9wg8-2c3h/GHSA-m8f5-9wg8-2c3h.json 36.1.3