VulnerableCode Vulnerability Details - VCID-e7yy-bm4y-tyhy

Search for vulnerabilities

Vulnerability details: VCID-e7yy-bm4y-tyhy

Essentials
Severities (14)
References (13)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-e7yy-bm4y-tyhy
Aliases	CVE-2014-7830 GHSA-j4mr-vc54-h5pc
Summary	Moodle cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
generic_textual	LOW	http://openwall.com/lists/oss-security/2014/11/17/11
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2014-7830
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2014-7830
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-j4mr-vc54-h5pc
generic_textual	LOW	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8
generic_textual	LOW	https://github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e
generic_textual	LOW	https://github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183
generic_textual	LOW	https://github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=275147
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2014-7830
generic_textual	LOW	https://web.archive.org/web/20200228175348/http://www.securityfocus.com/bid/71119
generic_textual	LOW	http://www.securitytracker.com/id/1031215

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
		http://openwall.com/lists/oss-security/2014/11/17/11
		https://api.first.org/data/v1/epss?cve=CVE-2014-7830
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8
		https://github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e
		https://github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183
		https://github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c
		https://moodle.org/mod/forum/discuss.php?d=275147
		https://nvd.nist.gov/vuln/detail/CVE-2014-7830
		https://web.archive.org/web/20200228175348/http://www.securityfocus.com/bid/71119
		http://www.securitytracker.com/id/1031215
GHSA-j4mr-vc54-h5pc		https://github.com/advisories/GHSA-j4mr-vc54-h5pc

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.43402
EPSS Score	0.00208
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:27:30.744149+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j4mr-vc54-h5pc/GHSA-j4mr-vc54-h5pc.json	36.1.3