CVE-2015-3174 Common Vulnerabilities and Exposures

Upstream information

CVE-2015-3174 at MITRE

Description

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
	National Vulnerability Database
Base Score	3.5
Vector	AV:N/AC:M/Au:S/C:N/I:P/A:N
Access Vector	Network
Access Complexity	Medium
Authentication	Single
Confidentiality Impact	None
Integrity Impact	Partial
Availability Impact	None

SUSE Bugzilla entry: 931411 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

SUSE Timeline for this CVE

CVE page created: Mon May 18 17:36:23 2015
CVE page last modified: Fri Oct 7 12:47:07 2022