CVE-2015-2269
published 2015-06-01CVE-2015-2269: Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x…
PriorityP418low3.5CVSS 2.0
AVNACMAuSCNIPAN
EXPLOIT
EPSS
3.28%
86.9th percentile
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
Affected
35 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| moodle | moodle | <= 2.5.9 | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
| moodle | moodle | — | — |
CVSS provenance
nvdv2.03.5LOWAV:N/AC:M/Au:S/C:N/I:P/A:N
osv3.5LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Moodle XSS Vulnerability
osv·2022-05-13
CVE-2015-2269 [LOW] Moodle XSS Vulnerability
Moodle XSS Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
GHSA
Moodle XSS Vulnerability
ghsa·2022-05-13
CVE-2015-2269 [LOW] CWE-79 Moodle XSS Vulnerability
Moodle XSS Vulnerability
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
OSV
CVE-2015-2269: Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static
osv·2015-06-01·CVSS 3.5
CVE-2015-2269 [LOW] CVE-2015-2269: Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static
Multiple cross-site scripting (XSS) vulnerabilities in lib/javascript-static.js in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allow remote authenticated users to inject arbitrary web script or HTML via a (1) alt or (2) title attribute in an IMG element.
No detection rules found.
Bugzilla
CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]
bugzilla·2015-03-18·CVSS 4.0
CVE-2015-2269 [MEDIUM] CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]
CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
Bugzilla
CVE-2015-2266 CVE-2015-2267 CVE-2015-2268 CVE-2015-2269 CVE-2015-2270 CVE-2015-2271 CVE-2015-2272 CVE-2015-2273 multiple flaws in moodle
bugzilla·2015-03-18·CVSS 4.0
CVE-2015-2266 [MEDIUM] CVE-2015-2266 CVE-2015-2267 CVE-2015-2268 CVE-2015-2269 CVE-2015-2270 CVE-2015-2271 CVE-2015-2272 CVE-2015-2273 multiple flaws in moodle
CVE-2015-2266 CVE-2015-2267 CVE-2015-2268 CVE-2015-2269 CVE-2015-2270 CVE-2015-2271 CVE-2015-2272 CVE-2015-2273 multiple flaws in moodle
The following issues have been identified in Moodle:
MSA-15-0010: Personal contacts and number of unread messages can be revealed
Description: By modifying URL a logged in user can view the list of
another user's contacts, number of unread messages and list
of their courses.
Issue summary: Personal contacts and number of unread messages can be
revealed
Severity/Risk: Minor
Versions affected: 2.8 to 2.8.3, 2.7 to 2.7.5, 2.6 to 2.6.8 and earlier
unsupported versions
Versions fixed: 2.8.4, 2.7.6 and 2.6.9
Reported by: Barry Oosthuizen
Issue no.: MDL-49204
Workaround: Disable messaging on site
CVE identifier: CVE-2015-2266
Changes (master):
http://git.mood
Bugzilla
CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
bugzilla·2015-03-18·CVSS 4.0
CVE-2015-2269 [MEDIUM] CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
CVE-2015-2269 CVE-2015-2268 CVE-2015-2267 CVE-2015-2266 CVE-2015-2272 CVE-2015-2273 CVE-2015-2270 CVE-2015-2271 moodle: multiple flaws in moodle [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of Fedora EPEL.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144http://openwall.com/lists/oss-security/2015/03/16/1https://moodle.org/mod/forum/discuss.php?d=307383http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49144http://openwall.com/lists/oss-security/2015/03/16/1https://moodle.org/mod/forum/discuss.php?d=307383
2015-06-01
Published