CVE-2014-3544
Published 2014-07-29
Priority P421 · low · 3.5 (CVSS 2.0)
AV:N/AC:M/Au:S/C:N/I:P/A:N
EXPLOIT
EPSS: 4.67% (90.6th percentile)
Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.
Affected
40 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | tomcat | — | — |
| moodle | moodle | <= 2.3.11 | — |
| moodle | moodle | — | — |
CVSS provenance
nvd · v2.0 · 3.5 · LOW · AV:N/AC:M/Au:S/C:N/I:P/A:N
vendor_apache · 5.0 · MEDIUM
GHSA
Moodle cross-site scripting (XSS) vulnerability
ghsa·2022-05-13
CVE-2014-3544 [LOW] CWE-79 Moodle cross-site scripting (XSS) vulnerability
OSV
Moodle cross-site scripting (XSS) vulnerability
osv·2022-05-13
CVE-2014-3544 [LOW] Moodle cross-site scripting (XSS) vulnerability
Apache
Apache tomcat: CVE-2012-3544
vendor_apache·CVSS 5.0
CVE-2012-3544 [MEDIUM] Apache tomcat: CVE-2012-3544
was not complete. It did not cover the following cases:

- chunk extensions were not limited
- whitespace after the : in a trailing header was not limited

This was fixed in revisions 1521834 and 1549522. The first part of this issue was identified by the Apache Tomcat security team on 27 August 2013 and the second part by Saran Neti of TELUS Security Labs on 5 November 2013. It was made public on 25 February 2014.

Affects: 8.0.0-RC1 to 8.0.0-RC5

Low: Information disclosure
No detection rules found.
No writeups or analysis indexed.
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
http://openwall.com/lists/oss-security/2014/07/21/1
http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
http://osvdb.org/show/osvdb/109337
http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/34169
http://www.securityfocus.com/bid/68756
https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
https://moodle.org/mod/forum/discuss.php?d=264265
2014-07-29
Published