Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-czph-uxwr-5uge
Vulnerability ID VCID-czph-uxwr-5uge
Aliases CVE-2014-3547
GHSA-hwjv-mc78-cccj
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
http://openwall.com/lists/oss-security/2014/07/21/1
https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88
https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7
https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987
https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234
https://moodle.org/mod/forum/discuss.php?d=264269
http://www.securityfocus.com/bid/68758
CVE-2014-3547 https://nvd.nist.gov/vuln/detail/CVE-2014-3547
GHSA-hwjv-mc78-cccj https://github.com/advisories/GHSA-hwjv-mc78-cccj
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:42:29.944574+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-3547.yml 38.6.0