Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-emu7-jhv2-zqb8
Vulnerability ID VCID-emu7-jhv2-zqb8
Aliases CVE-2015-3274
GHSA-f7qm-q26p-6rr2
Summary Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.
Status Published
Exploitability None
Weighted Severity None
Risk None
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
There are no known severity scores.
Reference id Reference type URL
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
http://openwall.com/lists/oss-security/2015/07/13/2
https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8
https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36
https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b
https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7
https://moodle.org/mod/forum/discuss.php?d=316664
https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
CVE-2015-3274 https://nvd.nist.gov/vuln/detail/CVE-2015-3274
GHSA-f7qm-q26p-6rr2 https://github.com/advisories/GHSA-f7qm-q26p-6rr2
No exploits are available.
There are no known vectors.

No EPSS data available for this vulnerability.

Date Actor Action Source VulnerableCode Version
2026-06-02T04:43:00.681501+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3274.yml 38.6.0