VulnerableCode Vulnerability Details

Staging Environment: Content and features may be unstable or change without notice.

Search for vulnerabilities

Vulnerability details: VCID-xnmk-jah2-ufce

Vulnerability ID	VCID-xnmk-jah2-ufce
Aliases	CVE-2014-7830 GHSA-j4mr-vc54-h5pc
Summary	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Cross-site scripting (XSS) vulnerability in mod/feedback/mapcourse.php in the Feedback module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to inject arbitrary web script or HTML by leveraging the mod/feedback:mapcourse capability to provide a searchcourse parameter.
Status	Published
Exploitability	None
Weighted Severity	None
Risk	None
Affected and Fixed Packages	Package Details

Weaknesses (3)

CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-79	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
There are no known severity scores.

Reference id	Reference type	URL
		http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47865
		http://openwall.com/lists/oss-security/2014/11/17/11
		https://github.com/moodle/moodle/commit/7bb6b84cfd308bad89dc0c3f95ad2fa55b7d25f8
		https://github.com/moodle/moodle/commit/8bf49b7377438a7f259750e2f076c612c0a5d84e
		https://github.com/moodle/moodle/commit/b7f75a9c05c65fb1d2f6391f5dd852f9e923a183
		https://github.com/moodle/moodle/commit/c6b6e5decee4c452b8667f82d7c64f137b687d7c
		https://moodle.org/mod/forum/discuss.php?d=275147
		https://web.archive.org/web/20200228175348/http://www.securityfocus.com/bid/71119
		http://www.securitytracker.com/id/1031215
CVE-2014-7830		https://nvd.nist.gov/vuln/detail/CVE-2014-7830
GHSA-j4mr-vc54-h5pc		https://github.com/advisories/GHSA-j4mr-vc54-h5pc

No exploits are available.

There are no known vectors.

No EPSS data available for this vulnerability.

Date	Actor	Action	Source	VulnerableCode Version
2026-06-02T04:43:03.937812+00:00	GitLab Importer	Import	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/moodle/moodle/CVE-2014-7830.yml	38.6.0