VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-s5cy-eva4-wbaf

Essentials
Severities (0)
References (23)
Severity details (0)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-s5cy-eva4-wbaf
Aliases	CVE-2014-3551 GHSA-m8f5-9wg8-2c3h
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote authenticated users to inject arbitrary web script or HTML via a crafted (1) qualification or (2) rating field in a rubric.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://github.com/moodle/moodle/commit/1f8eb0842835bcd1ea72b2d2982e0b5c8bc133bb
		https://github.com/moodle/moodle/commit/2c0b608cda12540de79aac0ee6952dda2c8ed947
		https://github.com/moodle/moodle/commit/470a466d7f1e0aef030ad2178bbef5a81765c42e
		https://github.com/moodle/moodle/commit/4fc5861cbacdc2f4197faebd3d207d2811e0f09f
		https://github.com/moodle/moodle/commit/555ee08b17dfe09e02391be137f60fe38c0a7865
		https://github.com/moodle/moodle/commit/666248c264642e5ca27601b347fc6913517e2853
		https://github.com/moodle/moodle/commit/68299e6154ae41b7e586904fd1b860cad7f65654
		https://github.com/moodle/moodle/commit/72d1a3ab0b002a9a5f32f3c2b61ffc9fa7f7b789
		https://github.com/moodle/moodle/commit/7f4db6f4d9014370df0265ab846ad76235af0cae
		https://github.com/moodle/moodle/commit/8380722bb11f36d33308580aee169e161d3f2c14
		https://github.com/moodle/moodle/commit/8ecc049f7f020086c1881bdf573af16cf2d9f9c9
		https://github.com/moodle/moodle/commit/98d5566c2270e21cbfaf1f4e8d61039f05d6aae2
		https://github.com/moodle/moodle/commit/b5dacb548800ee10d4940c8ebeca48c3c2ae0512
		https://github.com/moodle/moodle/commit/db5a6e6560c963849f8807184ca32efee6779264
		https://github.com/moodle/moodle/commit/e42b6e20bdd5d6f09bc09be22fd7f20736e27085
		https://github.com/moodle/moodle/commit/eb1381de1dbcce0215dcdd62cfac4fe287beed4e
		https://github.com/moodle/moodle/commit/f25f472be425d6ef8aa587648dafda1bd4d1c5d8
		https://moodle.org/mod/forum/discuss.php?d=264273
		https://web.archive.org/web/20200228170658/http://www.securityfocus.com/bid/68763
CVE-2014-3551		https://nvd.nist.gov/vuln/detail/CVE-2014-3551
GHSA-m8f5-9wg8-2c3h		https://github.com/advisories/GHSA-m8f5-9wg8-2c3h

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:39.122468+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-3551.yml	38.6.0