VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-uvgt-7m5a-xkdc

Vulnerability ID	VCID-uvgt-7m5a-xkdc
Aliases	CVE-2014-9059 GHSA-crcq-pw8h-9xwf
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to conduct cross-site scripting (XSS) attacks via UTF-7 characters during interaction with AJAX scripts.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47966
		https://github.com/moodle/moodle/commit/0a0145c5e8041aadeff303a9f9984c86706b4e42
		https://github.com/moodle/moodle/commit/293e4bbcb71f0a801c2539ea051c58688314b23a
		https://github.com/moodle/moodle/commit/3c98b7a5ad1bb596a738e550fc3bf966d6415fe0
		https://github.com/moodle/moodle/commit/ac6e453d11024bf6ad99ada1bfc641c6b91ebed6
		https://moodle.org/mod/forum/discuss.php?d=275146
		https://web.archive.org/web/20150914064838/http://www.securitytracker.com/id/1031215
		https://web.archive.org/web/20200229043651/http://www.securityfocus.com/bid/71133
		http://www.securitytracker.com/id/1031215
CVE-2014-9059		https://nvd.nist.gov/vuln/detail/CVE-2014-9059
GHSA-crcq-pw8h-9xwf		https://github.com/advisories/GHSA-crcq-pw8h-9xwf

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:30.891396+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-9059.yml	38.6.0