VulnerableCode Vulnerability Details - VCID-kgtb-s2y4-juh8

Search for vulnerabilities

Vulnerability details: VCID-kgtb-s2y4-juh8

Essentials
Severities (14)
References (13)
Severity details (12)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-kgtb-s2y4-juh8
Aliases	CVE-2013-1833 GHSA-89f3-74m6-g27g
Summary	Moodle Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
generic_textual	LOW	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
generic_textual	LOW	http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
generic_textual	LOW	http://openwall.com/lists/oss-security/2013/03/25/2
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2013-1833
epss	0.00208	https://api.first.org/data/v1/epss?cve=CVE-2013-1833
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-89f3-74m6-g27g
generic_textual	LOW	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463
generic_textual	LOW	https://github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce
generic_textual	LOW	https://github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26
generic_textual	LOW	https://github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=225344
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2013-1833

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
		http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
		http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
		http://openwall.com/lists/oss-security/2013/03/25/2
		https://api.first.org/data/v1/epss?cve=CVE-2013-1833
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463
		https://github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce
		https://github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26
		https://github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef
		https://moodle.org/mod/forum/discuss.php?d=225344
		https://nvd.nist.gov/vuln/detail/CVE-2013-1833
GHSA-89f3-74m6-g27g		https://github.com/advisories/GHSA-89f3-74m6-g27g

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.43402
EPSS Score	0.00208
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:12.220057+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-89f3-74m6-g27g/GHSA-89f3-74m6-g27g.json	36.1.3