VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-ucg8-htfc-2bhn

Vulnerability ID	VCID-ucg8-htfc-2bhn
Aliases	CVE-2014-3544 GHSA-c9jp-244j-vh78
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
		http://openwall.com/lists/oss-security/2014/07/21/1
		http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
		http://osvdb.org/show/osvdb/109337
		http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
		https://github.com/moodle/moodle/commit/0207466e778baebff21c7b72bc688761f9c5b0d9
		https://github.com/moodle/moodle/commit/739d227c58886e9a1be1426ed66053f1d37ee9a9
		https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
		https://github.com/moodle/moodle/commit/f7b6562f20f6af4119c7775477cffbaa83229f74
		https://moodle.org/mod/forum/discuss.php?d=264265
		http://www.exploit-db.com/exploits/34169
		http://www.securityfocus.com/bid/68756
CVE-2014-3544		https://nvd.nist.gov/vuln/detail/CVE-2014-3544
GHSA-c9jp-244j-vh78		https://github.com/advisories/GHSA-c9jp-244j-vh78

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:43.574573+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-3544.yml	38.6.0