Search for vulnerabilities
Vulnerability details: VCID-w5s9-wjpe-bkc1
Vulnerability ID VCID-w5s9-wjpe-bkc1
Aliases CVE-2013-7341
GHSA-j6c3-3c4w-qv8p
Summary Moodle cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (3)
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.49074
EPSS Score 0.00258
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:27:42.590891+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-j6c3-3c4w-qv8p/GHSA-j6c3-3c4w-qv8p.json 36.1.3