Security Advisory

CVE-2015-3274

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2016-02-22 02:00:00

Last updated 2024-08-06 05:39:32

Assigner redhat

State PUBLISHED

Description

Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.

← Browse all CVEs View on cve.org ↗