VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-wavt-rrws-3yhs

Vulnerability ID	VCID-wavt-rrws-3yhs
Aliases	CVE-2015-3178 GHSA-9fmw-m4qx-6cq8
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718
		http://openwall.com/lists/oss-security/2015/05/18/1
		https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749
		https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78
		https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5
		https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f
		https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b
		https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6
		https://moodle.org/mod/forum/discuss.php?d=313685
		https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726
		https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358
CVE-2015-3178		https://nvd.nist.gov/vuln/detail/CVE-2015-3178
GHSA-9fmw-m4qx-6cq8		https://github.com/advisories/GHSA-9fmw-m4qx-6cq8

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:42:46.655004+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2015-3178.yml	38.6.0