CVE-2013-7341 — Cross-site Scripting in Moodle

CWE-79 — Cross-site Scripting8 documents6 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 50.73%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Moodle Typo3 CMS Flowplayer Flash

Timeline

PublishedMar 24

Latest updateMay 17

Description

Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote attackers to inject arbitrary web script or HTML by (1) providing a crafted playerId or (2) referencing an external domain, a related issue to CVE-2013-7342.

CVSS vector

AV:N/AC:M/C:N/I:P/A:NExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDflowplayer/flowplayer_flash3.2.16+29

▶Packagistmoodle/moodle2.5.0 — 2.5.5+2

▶NVDmoodle/moodle2.3.11+60

▶Packagisttypo3/cms6.2.0 — 6.2.14+1

🔴Vulnerability Details

GHSA

GHSA-pw7f-5h97-w3r9: Cross-site scripting (XSS) vulnerability in flowplayer↗2022-05-17

▶

OSV

Moodle cross-site scripting (XSS) vulnerabilities↗2022-05-13

▶

GHSA

Moodle cross-site scripting (XSS) vulnerabilities↗2022-05-13

▶

OSV

CVE-2013-7341: Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3↗2014-03-24

▶

CVEList

CVE-2013-7341: Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3↗2014-03-22

▶

💬Community

Bugzilla

CVE-2014-0127 CVE-2014-0122 CVE-2014-0123 CVE-2014-0124 CVE-2014-0125 CVE-2014-0126 CVE-2014-0129 CVE-2013-7341 CVE-2014-2571 CVE-2014-2572 moodle: upstream 2.6.2, 2.5.5, and 2.4.9 fixes↗2014-03-18

▶