CVE-2016-2152: XSS

First published: Sun May 22 2016(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in auth/db/auth.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
Moodle Moodle	<=2.6.11
Moodle Moodle	=2.7.0
Moodle Moodle	=2.7.1
Moodle Moodle	=2.7.2
Moodle Moodle	=2.7.3
Moodle Moodle	=2.7.4
Moodle Moodle	=2.7.5
Moodle Moodle	=2.7.6
Moodle Moodle	=2.7.7
Moodle Moodle	=2.7.8
Moodle Moodle	=2.7.9
Moodle Moodle	=2.7.10
Moodle Moodle	=2.7.11
Moodle Moodle	=2.7.12
Moodle Moodle	=2.8.0
Moodle Moodle	=2.8.1
Moodle Moodle	=2.8.2
Moodle Moodle	=2.8.3
Moodle Moodle	=2.8.4
Moodle Moodle	=2.8.5
Moodle Moodle	=2.8.6
Moodle Moodle	=2.8.7
Moodle Moodle	=2.8.8
Moodle Moodle	=2.8.9
Moodle Moodle	=2.8.10
Moodle Moodle	=2.9.0
Moodle Moodle	=2.9.1
Moodle Moodle	=2.9.2
Moodle Moodle	=2.9.3
Moodle Moodle	=2.9.4
Moodle Moodle	=3.0.0
Moodle Moodle	=3.0.1
Moodle Moodle	=3.0.2
composer/moodle/moodle	>=3.0<3.0.3	3.0.3
composer/moodle/moodle	>=2.9<2.9.5	2.9.5
composer/moodle/moodle	>=2.8<2.8.11	2.8.11
composer/moodle/moodle	>=2.7<2.7.13	2.7.13

Never miss a vulnerability like this again

Reference Links

collector/nvd-index
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-6mxm-wpqv-675h
alias/CVE-2016-2152
agent/software-canonical-lookup
agent/weakness
agent/references
agent/severity
agent/description
agent/softwarecombine
collector/nvd-cve
source/NVD
agent/author
collector/github-advisory
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/tags
agent/event
agent/trending
vendor/moodle
canonical/moodle moodle
version/moodle moodle/2.6.11
version/moodle moodle/2.7.0
version/moodle moodle/2.7.1
version/moodle moodle/2.7.2
version/moodle moodle/2.7.3
version/moodle moodle/2.7.4
version/moodle moodle/2.7.5
version/moodle moodle/2.7.6
version/moodle moodle/2.7.7
version/moodle moodle/2.7.8
version/moodle moodle/2.7.9
version/moodle moodle/2.7.10
version/moodle moodle/2.7.11
version/moodle moodle/2.7.12
version/moodle moodle/2.8.0
version/moodle moodle/2.8.1
version/moodle moodle/2.8.2
version/moodle moodle/2.8.3
version/moodle moodle/2.8.4
version/moodle moodle/2.8.5
version/moodle moodle/2.8.6
version/moodle moodle/2.8.7
version/moodle moodle/2.8.8
version/moodle moodle/2.8.9
version/moodle moodle/2.8.10
version/moodle moodle/2.9.0
version/moodle moodle/2.9.1
version/moodle moodle/2.9.2
version/moodle moodle/2.9.3
version/moodle moodle/2.9.4
version/moodle moodle/3.0.0
version/moodle moodle/3.0.1
version/moodle moodle/3.0.2
package-manager/composer

CVE-2016-2152: XSS

Never miss a vulnerability like this again

Reference Links

Company

Resources

Contact