What is the severity of CVE-2015-3174?

The severity of CVE-2015-3174 is classified as medium due to potential cross-site scripting (XSS) vulnerabilities.

How do I fix CVE-2015-3174?

To fix CVE-2015-3174, update Moodle to version 2.8.6, 2.7.8, or 2.6.11 or higher.

What impact does CVE-2015-3174 have on users?

CVE-2015-3174 allows remote authenticated users to exploit the vulnerability through crafted feedback in quiz grading, potentially leading to XSS attacks.

Which versions are affected by CVE-2015-3174?

CVE-2015-3174 affects Moodle versions prior to 2.5.10, 2.6.11, 2.7.8, and 2.8.6.

Is there a workaround for CVE-2015-3174?

There is no official workaround for CVE-2015-3174; updating to a patched version is the recommended solution.

Vulnerability/
CVE-2015-3174

low

3.5

CWE

1/6/2015

13/5/2022

6/8/2024

CVE-2015-3174: XSS

First published: Mon Jun 01 2015(Updated: )

mod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Moodle Moodle	<=2.5.9
Moodle Moodle	=2.5.0
Moodle Moodle	=2.5.1
Moodle Moodle	=2.5.2
Moodle Moodle	=2.5.3
Moodle Moodle	=2.5.4
Moodle Moodle	=2.5.5
Moodle Moodle	=2.5.6
Moodle Moodle	=2.5.7
Moodle Moodle	=2.5.8
Moodle Moodle	=2.6.0
Moodle Moodle	=2.6.1
Moodle Moodle	=2.6.2
Moodle Moodle	=2.6.3
Moodle Moodle	=2.6.4
Moodle Moodle	=2.6.5
Moodle Moodle	=2.6.6
Moodle Moodle	=2.6.7
Moodle Moodle	=2.6.8
Moodle Moodle	=2.6.9
Moodle Moodle	=2.6.10
Moodle Moodle	=2.7.0
Moodle Moodle	=2.7.1
Moodle Moodle	=2.7.2
Moodle Moodle	=2.7.3
Moodle Moodle	=2.7.4
Moodle Moodle	=2.7.5
Moodle Moodle	=2.7.6
Moodle Moodle	=2.7.7
Moodle Moodle	=2.8.0
Moodle Moodle	=2.8.1
Moodle Moodle	=2.8.2
Moodle Moodle	=2.8.3
Moodle Moodle	=2.8.4
Moodle Moodle	=2.8.5
composer/moodle/moodle	>=2.8.0<2.8.6	2.8.6
composer/moodle/moodle	>=2.7.0<2.7.8	2.7.8
composer/moodle/moodle	<2.6.11	2.6.11
	<=2.5.9
	=2.5.0
	=2.5.1
	=2.5.2
	=2.5.3
	=2.5.4
	=2.5.5
	=2.5.6
	=2.5.7
	=2.5.8
	=2.6.0
	=2.6.1
	=2.6.2
	=2.6.3
	=2.6.4
	=2.6.5
	=2.6.6
	=2.6.7
	=2.6.8
	=2.6.9
	=2.6.10
	=2.7.0
	=2.7.1
	=2.7.2
	=2.7.3
	=2.7.4
	=2.7.5
	=2.7.6
	=2.7.7
	=2.8.0
	=2.8.1
	=2.8.2
	=2.8.3
	=2.8.4
	=2.8.5

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-3174?
The severity of CVE-2015-3174 is classified as medium due to potential cross-site scripting (XSS) vulnerabilities.
How do I fix CVE-2015-3174?
To fix CVE-2015-3174, update Moodle to version 2.8.6, 2.7.8, or 2.6.11 or higher.
What impact does CVE-2015-3174 have on users?
CVE-2015-3174 allows remote authenticated users to exploit the vulnerability through crafted feedback in quiz grading, potentially leading to XSS attacks.
Which versions are affected by CVE-2015-3174?
CVE-2015-3174 affects Moodle versions prior to 2.5.10, 2.6.11, 2.7.8, and 2.8.6.
Is there a workaround for CVE-2015-3174?
There is no official workaround for CVE-2015-3174; updating to a patched version is the recommended solution.

collector/nvd-index
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-6r7x-6q98-qcqp
alias/CVE-2015-3174
agent/software-canonical-lookup
agent/weakness
agent/severity
agent/references
agent/description
agent/author
agent/softwarecombine
collector/nvd-cve
source/NVD
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/tags
agent/source
vendor/moodle
canonical/moodle moodle
version/moodle moodle/2.5.9
version/moodle moodle/2.5.0
version/moodle moodle/2.5.1
version/moodle moodle/2.5.2
version/moodle moodle/2.5.3
version/moodle moodle/2.5.4
version/moodle moodle/2.5.5
version/moodle moodle/2.5.6
version/moodle moodle/2.5.7
version/moodle moodle/2.5.8
version/moodle moodle/2.6.0
version/moodle moodle/2.6.1
version/moodle moodle/2.6.2
version/moodle moodle/2.6.3
version/moodle moodle/2.6.4
version/moodle moodle/2.6.5
version/moodle moodle/2.6.6
version/moodle moodle/2.6.7
version/moodle moodle/2.6.8
version/moodle moodle/2.6.9
version/moodle moodle/2.6.10
version/moodle moodle/2.7.0
version/moodle moodle/2.7.1
version/moodle moodle/2.7.2
version/moodle moodle/2.7.3
version/moodle moodle/2.7.4
version/moodle moodle/2.7.5
version/moodle moodle/2.7.6
version/moodle moodle/2.7.7
version/moodle moodle/2.8.0
version/moodle moodle/2.8.1
version/moodle moodle/2.8.2
version/moodle moodle/2.8.3
version/moodle moodle/2.8.4
version/moodle moodle/2.8.5
package-manager/composer