Vulnerability details: VCID-vfyn-qqwr-8bg1
Vulnerability ID VCID-vfyn-qqwr-8bg1
Aliases CVE-2016-2153
GHSA-mj85-3hqq-r6r9
Summary Moodle Reflected XSS in mod_data advanced search. Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL, as demonstrated by a search form field.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
cvssv3.1 6.1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2016-2153
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-mj85-3hqq-r6r9
cvssv3.1 6.1 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/87e60e529939c60ef5b07d70c37426d359b2e8a2
generic_textual MODERATE https://github.com/moodle/moodle/commit/87e60e529939c60ef5b07d70c37426d359b2e8a2
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/8f95eac1634b4d84053cef52a03065e620d6adf2
generic_textual MODERATE https://github.com/moodle/moodle/commit/8f95eac1634b4d84053cef52a03065e620d6adf2
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/a5fae3b0d21cc85a7ea2d2c2af8c7fc9acf2fd92
generic_textual MODERATE https://github.com/moodle/moodle/commit/a5fae3b0d21cc85a7ea2d2c2af8c7fc9acf2fd92
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/de60fc23aeeef5631d5718469124af3257383ead
generic_textual MODERATE https://github.com/moodle/moodle/commit/de60fc23aeeef5631d5718469124af3257383ead
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/ead2dd9c161fcfde04ee1fa602e9101a47c53503
generic_textual MODERATE https://github.com/moodle/moodle/commit/ead2dd9c161fcfde04ee1fa602e9101a47c53503
cvssv3.1 6.1 https://moodle.org/mod/forum/discuss.php?d=330175
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=330175
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-2153
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-2153
cvssv3.1 6.1 https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
generic_textual MODERATE https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
cvssv3.1 6.1 http://www.openwall.com/lists/oss-security/2016/03/21/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2016/03/21/1
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52727
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/87e60e529939c60ef5b07d70c37426d359b2e8a2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/8f95eac1634b4d84053cef52a03065e620d6adf2
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/a5fae3b0d21cc85a7ea2d2c2af8c7fc9acf2fd92
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/de60fc23aeeef5631d5718469124af3257383ead
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/ead2dd9c161fcfde04ee1fa602e9101a47c53503
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=330175
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2153
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2016/03/21/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.57297
EPSS Score 0.00359
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:29:00.662061+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mj85-3hqq-r6r9/GHSA-mj85-3hqq-r6r9.json 36.1.3