Home > Vulnerability Database > CVE-2015-3178

Mend.io Vulnerability Database

CVE-2015-3178

Good to know:

Date: June 1, 2015

Cross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.

Language: PHP

Severity Score

3.1

Related Resources (16)

Url: https://moodle.org/mod/forum/discuss.php?d=313685

Url: http://www.securityfocus.com/bid/74726

Url: https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726

Url: https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5

Url: http://www.securitytracker.com/id/1032358

Url: https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-3178

Url: https://github.com/moodle/moodle

Url: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718

Url: https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358

Url: https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b

Url: http://openwall.com/lists/oss-security/2015/05/18/1

Url: https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749

Url: https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78

Url: https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f

Url: https://www.mend.io/vulnerability-database/CVE-2015-3178

Severity Score

3.1

Weakness Type (CWE)

Cross-Site Scripting (XSS)

CWE-79

Top Fix

Upgrade Version

Upgrade to version 2.6.11,2.7.8,2.8.6

Learn More

CVSS v3.1

Base Score:	3.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

CVSS v2

Base Score:	3.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	SINGLE
Confidentiality (C):	NONE
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2015-3178

Good to know:

Date: June 1, 2015

Language: PHP

Severity Score

Related Resources (16)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?