Vulnerability details: VCID-f6ck-gue9-6kac
Vulnerability ID VCID-f6ck-gue9-6kac
Aliases CVE-2015-5336
GHSA-grvw-qq2j-r898
Summary Moodle multiple cross-site scripting (XSS) vulnerabilities
Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
cvssv3.1 5.4 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
epss 0.00227 https://api.first.org/data/v1/epss?cve=CVE-2015-5336
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-grvw-qq2j-r898
cvssv3.1 5.4 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
generic_textual MODERATE https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
generic_textual MODERATE https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
generic_textual MODERATE https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
generic_textual MODERATE https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
generic_textual MODERATE https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
generic_textual MODERATE https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
cvssv3.1 5.4 https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
generic_textual MODERATE https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
cvssv3.1 5.4 https://moodle.org/mod/forum/discuss.php?d=323231
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=323231
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2015-5336
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2015-5336
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): low
User Interaction (UI): required
Scope (S): changed
Confidentiality Impact (C): low
Integrity Impact (I): low
Availability Impact (A): none

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=323231
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2015-5336
Exploit Prediction Scoring System (EPSS)
Percentile 0.45446
EPSS Score 0.00227
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:26:39.678699+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-grvw-qq2j-r898/GHSA-grvw-qq2j-r898.json 36.1.3