Vulnerability details: VCID-wgen-tp3a-ufhu
Vulnerability ID VCID-wgen-tp3a-ufhu
Aliases CVE-2016-2152
GHSA-6mxm-wpqv-675h
Summary Moodle XSS from profile fields from external db. Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Weaknesses (3)
System Score Found at
cvssv3.1 6.1 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705
generic_textual MODERATE http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2016-2152
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-6mxm-wpqv-675h
cvssv3.1 6.1 https://github.com/moodle/moodle
generic_textual MODERATE https://github.com/moodle/moodle
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657
generic_textual MODERATE https://github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055
generic_textual MODERATE https://github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1
generic_textual MODERATE https://github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897
generic_textual MODERATE https://github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349
generic_textual MODERATE https://github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c
generic_textual MODERATE https://github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b
generic_textual MODERATE https://github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20
generic_textual MODERATE https://github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20
cvssv3.1 6.1 https://github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d
generic_textual MODERATE https://github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d
cvssv3.1 6.1 https://moodle.org/mod/forum/discuss.php?d=330174
generic_textual MODERATE https://moodle.org/mod/forum/discuss.php?d=330174
cvssv3.1 6.1 https://nvd.nist.gov/vuln/detail/CVE-2016-2152
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2016-2152
cvssv3.1 6.1 https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
generic_textual MODERATE https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
cvssv3.1 6.1 http://www.openwall.com/lists/oss-security/2016/03/21/1
generic_textual MODERATE http://www.openwall.com/lists/oss-security/2016/03/21/1
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705
Attack Vector (AV): network; Attack Complexity (AC): low; Privileges Required (PR): none; User Interaction (UI): required; Scope (S): changed; Confidentiality Impact (C): low; Integrity Impact (I): low; Availability Impact (A): none
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/3b214760fb51ae2b0c85bbb2b272b9bc7c164657
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/4db8407d3eaba17a8d3f81957b8e93e9f2554055
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/4ee7394c8bfa95a63428385b542c2066cd2d8ea1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/54d6ee8c0874d72705ffa4c7c17d7c90bc16c897
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/61da84e4148aa1de83a6389eb77abf3bbf09a349
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/82d0c0b5218e9ceb35a4e24b4a4e1e2e9cfc840c
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/ce597604763272396e5cb8ec93859a8568020b8b
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/d9d8e9c3fe92c5f25e319a38fe5617088965ad20
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://github.com/moodle/moodle/commit/f4fcb1c4f76488d4571d3d265efce3813676c45d
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://moodle.org/mod/forum/discuss.php?d=330174
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2016-2152
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Found at http://www.openwall.com/lists/oss-security/2016/03/21/1
Exploit Prediction Scoring System (EPSS)
Percentile 0.57297
EPSS Score 0.00359
Published At June 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-01T12:30:28.728697+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6mxm-wpqv-675h/GHSA-6mxm-wpqv-675h.json 36.1.3