CVE-2012-3396

Cross-site scripting (XSS) vulnerability in cohort/edit_form.php in Moodle 2.0.x before 2.0.10, 2.1.x before 2.1.7, 2.2.x before 2.2.4, and 2.3.x before 2.3.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the idnumber field. NOTE: this vulnerability exists because of an incorrect fix for CVE-2012-2365.

Published: Jul 23, 2012
Updated: Nov 8, 2023
CVE: CVE-2012-3396
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.5
AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

CWE-79

OWASP TOP 10:

A7 - Cross-Site Scripting (XSS)

Affected Software
References

Software	From	Fixed in
moodle / moodle	2.0.2	2.0.2.x
moodle / moodle	2.2.2	2.2.2.x
moodle / moodle	2.0.1	2.0.1.x
moodle / moodle	2.1.2	2.1.2.x
moodle / moodle	2.0.4	2.0.4.x
moodle / moodle	2.0.3	2.0.3.x
moodle / moodle	2.1.1	2.1.1.x
moodle / moodle	2.1.5	2.1.5.x
moodle / moodle	2.1.6	2.1.6.x
moodle / moodle	2.0.6	2.0.6.x
moodle / moodle	2.0.5	2.0.5.x
moodle / moodle	2.1.3	2.1.3.x
moodle / moodle	2.0.9	2.0.9.x
moodle / moodle	2.2.1	2.2.1.x
moodle / moodle	2.2.3	2.2.3.x
moodle / moodle	2.0.8	2.0.8.x
moodle / moodle	2.0.7	2.0.7.x
moodle / moodle	2.1.4	2.1.4.x
moodle / moodle	2.0.0	2.0.0.x
moodle / moodle	2.1.0	2.1.0.x
moodle / moodle	2.2.0	2.2.0.x
moodle / moodle	2.3.0	2.3.0.x

Vulnerability Database

290,301

CVE-2012-3396