VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-t214-wxz7-a3df

Vulnerability ID	VCID-t214-wxz7-a3df
Aliases	CVE-2015-5336 GHSA-grvw-qq2j-r898
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49940
		https://github.com/moodle/moodle/commit/12c232df76885effa5ebac08e3094d6db5aa9223
		https://github.com/moodle/moodle/commit/31d0bf81af079bc285ea439ac5160f9e45697c88
		https://github.com/moodle/moodle/commit/48d8989f13a6320c54b05f7d3ea552356cf85ed6
		https://github.com/moodle/moodle/commit/86cec86942c1cfcb92b840afd18deed9b9a34951
		https://github.com/moodle/moodle/commit/b4f4232e1cf76334e4b8dda9cf68962b121e6bc0
		https://github.com/moodle/moodle/commit/f03ec4ce85b3d361429d9f66dbbb478a353640c9
		https://github.com/moodle/moodle/commit/fd14d2902fab15fa6affecc427bb11d3869d9afe
		https://moodle.org/mod/forum/discuss.php?d=323231
CVE-2015-5336		https://nvd.nist.gov/vuln/detail/CVE-2015-5336
GHSA-grvw-qq2j-r898		https://github.com/advisories/GHSA-grvw-qq2j-r898

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:35.915841+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-5336.yml	38.6.0