VulnerableCode Vulnerability Details - VCID-tqde-42wn-mqbm

Search for vulnerabilities

Vulnerability details: VCID-tqde-42wn-mqbm

Essentials
Severities (12)
References (11)
Severity details (10)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-tqde-42wn-mqbm
Aliases	CVE-2015-2273 GHSA-w77v-xpxr-c6pv
Summary	Moodle cross-site scripting (XSS) vulnerability Cross-site scripting (XSS) vulnerability in mod/quiz/report/statistics/statistics_question_table.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the student role for a crafted quiz response.
Status	Published
Exploitability	0.5
Weighted Severity	2.7
Risk	1.4
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	LOW	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
generic_textual	LOW	http://openwall.com/lists/oss-security/2015/03/16/1
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2015-2273
epss	0.00209	https://api.first.org/data/v1/epss?cve=CVE-2015-2273
cvssv3.1_qr	LOW	https://github.com/advisories/GHSA-w77v-xpxr-c6pv
generic_textual	LOW	https://github.com/moodle/moodle
generic_textual	LOW	https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e
generic_textual	LOW	https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7
generic_textual	LOW	https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f
generic_textual	LOW	https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b
generic_textual	LOW	https://moodle.org/mod/forum/discuss.php?d=307387
generic_textual	LOW	https://nvd.nist.gov/vuln/detail/CVE-2015-2273

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49364
		http://openwall.com/lists/oss-security/2015/03/16/1
		https://api.first.org/data/v1/epss?cve=CVE-2015-2273
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/71aeb8a9cb4cf06f0b4aa49daf527e5c866db30e
		https://github.com/moodle/moodle/commit/8b6fcfa958204c6f26c410b9a9757612b326b6c7
		https://github.com/moodle/moodle/commit/ceab40d186e241a9c239392954c6afdc3e2c3a4f
		https://github.com/moodle/moodle/commit/f1fb96b698876bece46e8606b3c6c78889265e2b
		https://moodle.org/mod/forum/discuss.php?d=307387
		https://nvd.nist.gov/vuln/detail/CVE-2015-2273
GHSA-w77v-xpxr-c6pv		https://github.com/advisories/GHSA-w77v-xpxr-c6pv

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.43543
EPSS Score	0.00209
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:29:14.273203+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w77v-xpxr-c6pv/GHSA-w77v-xpxr-c6pv.json	36.1.3