VulnerableCode Vulnerability Details - VCID-u24f-x23p-a7ay

Search for vulnerabilities

Vulnerability details: VCID-u24f-x23p-a7ay

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-u24f-x23p-a7ay
Aliases	CVE-2014-3547 GHSA-hwjv-mc78-cccj
Summary	Moodle multiple cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/07/21/1
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2014-3547
epss	0.00285	https://api.first.org/data/v1/epss?cve=CVE-2014-3547
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-hwjv-mc78-cccj
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=264269
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3547
generic_textual	MODERATE	http://www.securityfocus.com/bid/68758

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46042
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-3547
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88
		https://github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7
		https://github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987
		https://github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234
		https://moodle.org/mod/forum/discuss.php?d=264269
		https://nvd.nist.gov/vuln/detail/CVE-2014-3547
		http://www.securityfocus.com/bid/68758
GHSA-hwjv-mc78-cccj		https://github.com/advisories/GHSA-hwjv-mc78-cccj

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.51609
EPSS Score	0.00285
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:28:23.287269+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-hwjv-mc78-cccj/GHSA-hwjv-mc78-cccj.json	36.1.3