VulnerableCode Vulnerability Details - VCID-k6jp-1vuq-3yhq

Search for vulnerabilities

Vulnerability details: VCID-k6jp-1vuq-3yhq

Essentials
Severities (17)
References (17)
Severity details (15)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-k6jp-1vuq-3yhq
Aliases	CVE-2014-3544 GHSA-c9jp-244j-vh78
Summary	Moodle cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
generic_textual	LOW	http://openwall.com/lists/oss-security/2014/07/21/1
generic_textual	LOW	http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss
generic_textual	LOW	http://osvdb.org/show/osvdb/109337
generic_textual	LOW	http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
epss	0.00956	https://api.first.org/data/v1/epss?cve=CVE-2014-3544
epss	0.00956	https://api.first.org/data/v1/epss?cve=CVE-2014-3544
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-c9jp-244j-vh78
generic_textual	LOW	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9
generic_textual	LOW	https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9
generic_textual	LOW	https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
generic_textual	LOW	https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=264265
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2014-3544
generic_textual	LOW	http://www.exploit-db.com/exploits/34169
generic_textual	LOW	http://www.securityfocus.com/bid/68756

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
		http://openwall.com/lists/oss-security/2014/07/21/1
		http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss
		http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
		http://osvdb.org/show/osvdb/109337
		http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
		https://api.first.org/data/v1/epss?cve=CVE-2014-3544
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9
		https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9
		https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
		https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74
		https://moodle.org/mod/forum/discuss.php?d=264265
		https://nvd.nist.gov/vuln/detail/CVE-2014-3544
		http://www.exploit-db.com/exploits/34169
		http://www.securityfocus.com/bid/68756
GHSA-c9jp-244j-vh78		https://github.com/advisories/GHSA-c9jp-244j-vh78

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.75402
EPSS Score	0.00956
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:08.989159+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-c9jp-244j-vh78/GHSA-c9jp-244j-vh78.json	36.1.3