CVE-2014-3544 Information

Description

Cross-site scripting (XSS) vulnerability in user/profile.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote authenticated users to inject arbitrary web script or HTML via the Skype ID profile field.

Reference

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45683
http://openwall.com/lists/oss-security/2014/07/21/1
http://osandamalith.wordpress.com/2014/07/25/moodle-2-7-persistent-xss/
http://osvdb.org/show/osvdb/109337
http://packetstormsecurity.com/files/127624/Moodle-2.7-Cross-Site-Scripting.html
http://www.exploit-db.com/exploits/34169
http://www.securityfocus.com/bid/68756
https://github.com/moodle/moodle/commit/ce5a785b0962c3c94c7a7b0d36176482d21db95d
https://moodle.org/mod/forum/discuss.php?d=264265
