VulnerableCode Vulnerability Details - VCID-wve1-8q2j-jfc5

Search for vulnerabilities

Vulnerability details: VCID-wve1-8q2j-jfc5

Essentials
Severities (13)
References (12)
Severity details (11)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-wve1-8q2j-jfc5
Aliases	CVE-2014-3548 GHSA-f66h-6mj2-rwj2
Summary	Moodle multiple cross-site scripting (XSS) vulnerabilities Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
generic_textual	MODERATE	http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
generic_textual	MODERATE	http://openwall.com/lists/oss-security/2014/07/21/1
epss	0.00256	https://api.first.org/data/v1/epss?cve=CVE-2014-3548
epss	0.00256	https://api.first.org/data/v1/epss?cve=CVE-2014-3548
cvssv3.1_qr	MODERATE	https://github.com/advisories/GHSA-f66h-6mj2-rwj2
generic_textual	MODERATE	https://github.com/moodle/moodle
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe
generic_textual	MODERATE	https://github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e
generic_textual	MODERATE	https://moodle.org/mod/forum/discuss.php?d=264270
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2014-3548
generic_textual	MODERATE	https://web.archive.org/web/20200228161543/http://www.securityfocus.com/bid/68766

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
		http://openwall.com/lists/oss-security/2014/07/21/1
		https://api.first.org/data/v1/epss?cve=CVE-2014-3548
		https://github.com/moodle/moodle
		https://github.com/moodle/moodle/commit/166e18d7cbb36d58d08a2783edd98284d5a3b98a
		https://github.com/moodle/moodle/commit/53ca351f7af8d80a0ff0aba27a1c278fb731d288
		https://github.com/moodle/moodle/commit/6eb787b873f5d3718dc8a74f798ee528d600d8fe
		https://github.com/moodle/moodle/commit/a1ae35173b54ed0c2c3736dfa78cad9899a55d4e
		https://moodle.org/mod/forum/discuss.php?d=264270
		https://nvd.nist.gov/vuln/detail/CVE-2014-3548
		https://web.archive.org/web/20200228161543/http://www.securityfocus.com/bid/68766
GHSA-f66h-6mj2-rwj2		https://github.com/advisories/GHSA-f66h-6mj2-rwj2

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.48838
EPSS Score	0.00256
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:26:49.618906+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-f66h-6mj2-rwj2/GHSA-f66h-6mj2-rwj2.json	36.1.3