cvelistv5 - cve-2017-2578

CVE-2017-2578 (GCVE-0-2017-2578)

Vulnerability from cvelistv5 – Published: 2017-01-20 08:39 – Updated: 2024-08-05 13:55

Summary

In Moodle 3.x, there is XSS in the assignment submission page.

Severity ?

No CVSS data available.

CWE

unspecified

Assigner

redhat

References

URL

Tags

	https://moodle.org/mod/forum/discuss.php?d=345915	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/95647	vdb-entryx_refsource_BID

Impacted products

	Vendor	Product	Version
	n/a	Moodle 3.x	Affected: Moodle 3.x

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T13:55:06.094Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
          },
          {
            "name": "95647",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/95647"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Moodle 3.x",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "Moodle 3.x"
            }
          ]
        }
      ],
      "datePublic": "2017-01-20T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "In Moodle 3.x, there is XSS in the assignment submission page."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "unspecified",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-01-20T10:57:01",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
        },
        {
          "name": "95647",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/95647"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-2578",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Moodle 3.x",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "Moodle 3.x"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Moodle 3.x, there is XSS in the assignment submission page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "unspecified"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://moodle.org/mod/forum/discuss.php?d=345915",
              "refsource": "CONFIRM",
              "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
            },
            {
              "name": "95647",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/95647"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2017-2578",
    "datePublished": "2017-01-20T08:39:00",
    "dateReserved": "2016-12-01T00:00:00",
    "dateUpdated": "2024-08-05T13:55:06.094Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"0033EC68-98DB-42E6-A256-EFA05F6EC72E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"A1F5E2DD-495F-4C4E-92B9-5481D432BC12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"16158B28-FE97-4BF3-BCDF-D754B5158825\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C8B58722-61EF-4283-A434-A022583C528A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"27EC92C0-87A6-4D86-B940-C907EC4153ED\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"798441F2-2FE1-4335-A87C-08067C411718\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2479F7AE-8DC6-45CE-99E5-5063FE854635\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"03AE2C05-6EC3-42FA-82BC-48177EC2BD72\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*\", \"matchCriteriaId\": \"3A427510-6E46-4D0D-9BA6-C7D496D5FC13\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"B3F6B28F-694A-4F7B-AB46-3F733C2423EF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"53C84D53-E3E6-4FEA-A5EE-EFF793A24163\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"AC0A7BB8-AE92-454F-976B-4C851A3AB50F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*\", \"matchCriteriaId\": \"294BD385-E050-4124-80BE-28A48D893DF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*\", \"matchCriteriaId\": \"842BB818-567E-4D57-9D21-5992244B4C8A\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"In Moodle 3.x, there is XSS in the assignment submission page.\"}, {\"lang\": \"es\", \"value\": \"En Moodle 3.x, hay XSS en la p\\u00e1gina de env\\u00edo de asignaciones.\"}]",
      "id": "CVE-2017-2578",
      "lastModified": "2024-11-21T03:23:45.820",
      "metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 6.1, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 2.7}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2017-01-20T08:59:00.440",
      "references": "[{\"url\": \"http://www.securityfocus.com/bid/95647\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://moodle.org/mod/forum/discuss.php?d=345915\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95647\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://moodle.org/mod/forum/discuss.php?d=345915\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2017-2578\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2017-01-20T08:59:00.440\",\"lastModified\":\"2025-04-20T01:37:25.860\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Moodle 3.x, there is XSS in the assignment submission page.\"},{\"lang\":\"es\",\"value\":\"En Moodle 3.x, hay XSS en la p\u00e1gina de env\u00edo de asignaciones.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":2.7}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0033EC68-98DB-42E6-A256-EFA05F6EC72E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"A1F5E2DD-495F-4C4E-92B9-5481D432BC12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"16158B28-FE97-4BF3-BCDF-D754B5158825\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C8B58722-61EF-4283-A434-A022583C528A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"27EC92C0-87A6-4D86-B940-C907EC4153ED\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"798441F2-2FE1-4335-A87C-08067C411718\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2479F7AE-8DC6-45CE-99E5-5063FE854635\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"03AE2C05-6EC3-42FA-82BC-48177EC2BD72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*\",\"matchCriteriaId\":\"3A427510-6E46-4D0D-9BA6-C7D496D5FC13\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B3F6B28F-694A-4F7B-AB46-3F733C2423EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"53C84D53-E3E6-4FEA-A5EE-EFF793A24163\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"AC0A7BB8-AE92-454F-976B-4C851A3AB50F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"294BD385-E050-4124-80BE-28A48D893DF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"842BB818-567E-4D57-9D21-5992244B4C8A\"}]}]}],\"references\":[{\"url\":\"http://www.securityfocus.com/bid/95647\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=345915\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95647\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://moodle.org/mod/forum/discuss.php?d=345915\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2017-AVI-014

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Moodle. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une atteinte à la confidentialité des données et une injection de code indirecte à distance (XSS).

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moodle	N/A	2.7 à 2.7.17, 2.8 à 2.8.12 et 2.9 à 2.9.9
	Moodle	N/A	3.0 à 3.0.7, 3.1 à 3.1.3 et 3.2

References

Title

Publication Time

Tags

Bulletin de sécurité Moodle MSA-17-0002 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité Moodle MSA-17-0001 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité Moodle MSA-17-0004 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité Moodle MSA-17-0003 du 17 janvier 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "2.7 \u00e0 2.7.17, 2.8 \u00e0 2.8.12 et 2.9 \u00e0 2.9.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "3.0 \u00e0 3.0.7, 3.1 \u00e0 3.1.3 et 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2578"
    },
    {
      "name": "CVE-2016-10045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10045"
    },
    {
      "name": "CVE-2017-2576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2576"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0002 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345912"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0001 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345911"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0004 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0003 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345914"
    }
  ]
}

CERTFR-2017-AVI-014

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Moodle	N/A	2.7 à 2.7.17, 2.8 à 2.8.12 et 2.9 à 2.9.9
	Moodle	N/A	3.0 à 3.0.7, 3.1 à 3.1.3 et 3.2

References

Title

Publication Time

Tags

Bulletin de sécurité Moodle MSA-17-0002 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité Moodle MSA-17-0001 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité Moodle MSA-17-0004 du 17 janvier 2017	None	vendor-advisory
Bulletin de sécurité Moodle MSA-17-0003 du 17 janvier 2017	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "2.7 \u00e0 2.7.17, 2.8 \u00e0 2.8.12 et 2.9 \u00e0 2.9.9",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    },
    {
      "description": "3.0 \u00e0 3.0.7, 3.1 \u00e0 3.1.3 et 3.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Moodle",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2017-2578",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2578"
    },
    {
      "name": "CVE-2016-10045",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-10045"
    },
    {
      "name": "CVE-2017-2576",
      "url": "https://www.cve.org/CVERecord?id=CVE-2017-2576"
    }
  ],
  "links": [],
  "reference": "CERTFR-2017-AVI-014",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2017-01-17T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Injection de code indirecte \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMoodle\u003c/span\u003e. Elles permettent \u00e0 un attaquant de\nprovoquer une ex\u00e9cution de code arbitraire \u00e0 distance, une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es et une injection de code indirecte \u00e0\ndistance (XSS).\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Moodle",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0002 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345912"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0001 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345911"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0004 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Moodle MSA-17-0003 du 17 janvier 2017",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345914"
    }
  ]
}

GHSA-6R76-F8C8-FH7P

Vulnerability from github – Published: 2022-05-17 03:03 – Updated: 2024-04-23 23:36

Summary

Moodle Cross-site Scripting in assignment submission page

Details

In Moodle 3.x, there is Cross-site Scripting in the assignment submission page.

Severity ?

6.1 (Medium)


                  
                    CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.1"
            },
            {
              "fixed": "3.1.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Packagist",
        "name": "moodle/moodle"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2"
            },
            {
              "fixed": "3.2.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2017-2578"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-23T23:36:08Z",
    "nvd_published_at": "2017-01-20T08:59:00Z",
    "severity": "MODERATE"
  },
  "details": "In Moodle 3.x, there is Cross-site Scripting in the assignment submission page.",
  "id": "GHSA-6r76-f8c8-fh7p",
  "modified": "2024-04-23T23:36:08Z",
  "published": "2022-05-17T03:03:00Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2578"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/moodle/moodle"
    },
    {
      "type": "WEB",
      "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/95647"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Moodle Cross-site Scripting in assignment submission page"
}

FKIE_CVE-2017-2578

Vulnerability from fkie_nvd - Published: 2017-01-20 08:59 - Updated: 2025-04-20 01:37

Severity ?

6.1 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Summary

In Moodle 3.x, there is XSS in the assignment submission page.

References

URL	Tags
secalert@redhat.com	http://www.securityfocus.com/bid/95647	Third Party Advisory, VDB Entry
secalert@redhat.com	https://moodle.org/mod/forum/discuss.php?d=345915	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/95647	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://moodle.org/mod/forum/discuss.php?d=345915	Patch, Vendor Advisory

Impacted products

Vendor	Product	Version
moodle	moodle	3.1.0
moodle	moodle	3.1.0
moodle	moodle	3.1.0
moodle	moodle	3.1.0
moodle	moodle	3.1.1
moodle	moodle	3.1.2
moodle	moodle	3.1.3
moodle	moodle	3.2.0
moodle	moodle	3.2.0
moodle	moodle	3.2.0
moodle	moodle	3.2.0
moodle	moodle	3.2.0
moodle	moodle	3.2.0
moodle	moodle	3.2.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "0033EC68-98DB-42E6-A256-EFA05F6EC72E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "A1F5E2DD-495F-4C4E-92B9-5481D432BC12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "16158B28-FE97-4BF3-BCDF-D754B5158825",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C8B58722-61EF-4283-A434-A022583C528A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "27EC92C0-87A6-4D86-B940-C907EC4153ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "798441F2-2FE1-4335-A87C-08067C411718",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2479F7AE-8DC6-45CE-99E5-5063FE854635",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "03AE2C05-6EC3-42FA-82BC-48177EC2BD72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*",
              "matchCriteriaId": "3A427510-6E46-4D0D-9BA6-C7D496D5FC13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B3F6B28F-694A-4F7B-AB46-3F733C2423EF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "53C84D53-E3E6-4FEA-A5EE-EFF793A24163",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "AC0A7BB8-AE92-454F-976B-4C851A3AB50F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "294BD385-E050-4124-80BE-28A48D893DF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "842BB818-567E-4D57-9D21-5992244B4C8A",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "In Moodle 3.x, there is XSS in the assignment submission page."
    },
    {
      "lang": "es",
      "value": "En Moodle 3.x, hay XSS en la p\u00e1gina de env\u00edo de asignaciones."
    }
  ],
  "id": "CVE-2017-2578",
  "lastModified": "2025-04-20T01:37:25.860",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV30": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.1,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.0"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2017-01-20T08:59:00.440",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95647"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/95647"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2017-2578

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

In Moodle 3.x, there is XSS in the assignment submission page.

Aliases

CVE-2017-2578

Aliases

CVE-2017-2578

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2017-2578",
    "description": "In Moodle 3.x, there is XSS in the assignment submission page.",
    "id": "GSD-2017-2578",
    "references": [
      "https://www.suse.com/security/cve/CVE-2017-2578.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2017-2578"
      ],
      "details": "In Moodle 3.x, there is XSS in the assignment submission page.",
      "id": "GSD-2017-2578",
      "modified": "2023-12-13T01:21:05.980692Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2017-2578",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Moodle 3.x",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "Moodle 3.x"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "In Moodle 3.x, there is XSS in the assignment submission page."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "unspecified"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://moodle.org/mod/forum/discuss.php?d=345915",
            "refsource": "CONFIRM",
            "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
          },
          {
            "name": "95647",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/95647"
          }
        ]
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.1.0,\u003c=3.1.3||=3.2.0",
          "affected_versions": "All versions starting from 3.1.0 up to 3.1.3, version 3.2.0",
          "cvss_v2": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
          "cwe_ids": [
            "CWE-1035",
            "CWE-79",
            "CWE-937"
          ],
          "date": "2017-01-25",
          "description": "There is XSS in the assignment submission page.",
          "fixed_versions": [
            "3.1.4",
            "3.2.1"
          ],
          "identifier": "CVE-2017-2578",
          "identifiers": [
            "CVE-2017-2578"
          ],
          "not_impacted": "All versions before 3.1.0, all versions after 3.1.3 before 3.2.0, all versions after 3.2.0",
          "package_slug": "packagist/moodle/moodle",
          "pubdate": "2017-01-20",
          "solution": "Upgrade to versions 3.1.4, 3.2.1 or above.",
          "title": "Cross-site Scripting",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2017-2578",
            "http://www.securityfocus.com/bid/95647",
            "https://moodle.org/mod/forum/discuss.php?d=345915"
          ],
          "uuid": "9071c629-77da-44d9-b3b2-e345cb0194b1"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.2.0:beta:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:moodle:moodle:3.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2017-2578"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "In Moodle 3.x, there is XSS in the assignment submission page."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-79"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://moodle.org/mod/forum/discuss.php?d=345915",
              "refsource": "CONFIRM",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://moodle.org/mod/forum/discuss.php?d=345915"
            },
            {
              "name": "95647",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/95647"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.0"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 2.7
        }
      },
      "lastModifiedDate": "2017-01-25T20:22Z",
      "publishedDate": "2017-01-20T08:59Z"
    }
  }
}

CNVD-2017-00905

Vulnerability from cnvd - Published: 2017-02-05

Title

Moodle HTML注入漏洞（CNVD-2017-00905）

Description

Moodle是澳大利亚马丁-多基马（Martin Dougiamas）博士开发的一套免费、开源的电子学习软件平台，也称课程管理系统、学习管理系统或虚拟学习环境。 Moodle存在HTML注入漏洞，由于程序未能充分验证用户输入。攻击者可以利用特制的HTML和任意脚本代码在受影响网站中运行，窃取基于cookie认证证书或控制网站向用户呈现的内容。

Severity

中

Patch Name

Moodle HTML注入漏洞（CNVD-2017-00905）的补丁

Patch Description

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://moodle.org/mod/forum/discuss.php?d=345915#p1395034

Reference

http://www.securityfocus.com/bid/95647

Impacted products

Name
['moodle Moodle 3.x', 'Moodle Moodle 2.x']

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "95647"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-2578",
      "cveUrl": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-2578"
    }
  },
  "description": "Moodle\u662f\u6fb3\u5927\u5229\u4e9a\u9a6c\u4e01-\u591a\u57fa\u9a6c\uff08Martin Dougiamas\uff09\u535a\u58eb\u5f00\u53d1\u7684\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u7279\u5236\u7684HTML\u548c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u8ba4\u8bc1\u8bc1\u4e66\u6216\u63a7\u5236\u7f51\u7ad9\u5411\u7528\u6237\u5448\u73b0\u7684\u5185\u5bb9\u3002",
  "discovererName": "Ago Luberg and Wael AbuSeada",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://moodle.org/mod/forum/discuss.php?d=345915#p1395034",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-00905",
  "openTime": "2017-02-05",
  "patchDescription": "Moodle\u662f\u6fb3\u5927\u5229\u4e9a\u9a6c\u4e01-\u591a\u57fa\u9a6c\uff08Martin Dougiamas\uff09\u535a\u58eb\u5f00\u53d1\u7684\u4e00\u5957\u514d\u8d39\u3001\u5f00\u6e90\u7684\u7535\u5b50\u5b66\u4e60\u8f6f\u4ef6\u5e73\u53f0\uff0c\u4e5f\u79f0\u8bfe\u7a0b\u7ba1\u7406\u7cfb\u7edf\u3001\u5b66\u4e60\u7ba1\u7406\u7cfb\u7edf\u6216\u865a\u62df\u5b66\u4e60\u73af\u5883\u3002\r\n\r\nMoodle\u5b58\u5728HTML\u6ce8\u5165\u6f0f\u6d1e\uff0c\u7531\u4e8e\u7a0b\u5e8f\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u8f93\u5165\u3002\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u7279\u5236\u7684HTML\u548c\u4efb\u610f\u811a\u672c\u4ee3\u7801\u5728\u53d7\u5f71\u54cd\u7f51\u7ad9\u4e2d\u8fd0\u884c\uff0c\u7a83\u53d6\u57fa\u4e8ecookie\u8ba4\u8bc1\u8bc1\u4e66\u6216\u63a7\u5236\u7f51\u7ad9\u5411\u7528\u6237\u5448\u73b0\u7684\u5185\u5bb9\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Moodle HTML\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-00905\uff09\u7684\u8865\u4e01",
  "products": {
    "product": [
      "moodle Moodle 3.x",
      "Moodle Moodle 2.x"
    ]
  },
  "referenceLink": "http://www.securityfocus.com/bid/95647",
  "serverity": "\u4e2d",
  "submitTime": "2017-01-22",
  "title": "Moodle HTML\u6ce8\u5165\u6f0f\u6d1e\uff08CNVD-2017-00905\uff09"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2017-2578 (GCVE-0-2017-2578)

CERTFR-2017-AVI-014

Solution

CERTFR-2017-AVI-014

Solution

GHSA-6R76-F8C8-FH7P

FKIE_CVE-2017-2578

GSD-2017-2578

CNVD-2017-00905

Tags

Sightings

Nomenclature