Vulnerability Database

324,311

Total vulnerabilities in the database

CVE-2015-5336

Multiple cross-site scripting (XSS) vulnerabilities in the survey module in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the student role and entering a crafted survey answer.

  • Published: Feb 22, 2016
  • Updated: Nov 9, 2025
  • CVE: CVE-2015-5336
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 3.5
  • AV:N/AC:M/Au:S/C:N/I:P/A:N

CWEs:

OWASP TOP 10:

Software From Fixed in
Composer icon moodle / moodle 2.7.1 2.7.1.x
Composer icon moodle / moodle 2.8.3 2.8.3.x
Composer icon moodle / moodle 2.8.7 2.8.7.x
Composer icon moodle / moodle 2.7.6 2.7.6.x
Composer icon moodle / moodle 2.7.2 2.7.2.x
Composer icon moodle / moodle 2.7.4 2.7.4.x
Composer icon moodle / moodle 2.7.9 2.7.9.x
Composer icon moodle / moodle 2.8.4 2.8.4.x
Composer icon moodle / moodle 2.8.6 2.8.6.x
Composer icon moodle / moodle - 2.6.11.x
Composer icon moodle / moodle 2.7.10 2.7.10.x
Composer icon moodle / moodle 2.7.5 2.7.5.x
Composer icon moodle / moodle 2.7.3 2.7.3.x
Composer icon moodle / moodle 2.8.8 2.8.8.x
Composer icon moodle / moodle 2.7.0 2.7.0.x
Composer icon moodle / moodle 2.9.1 2.9.1.x
Composer icon moodle / moodle 2.8.1 2.8.1.x
Composer icon moodle / moodle 2.8.5 2.8.5.x
Composer icon moodle / moodle 2.9.2 2.9.2.x
Composer icon moodle / moodle 2.7.8 2.7.8.x
Composer icon moodle / moodle 2.8.2 2.8.2.x
Composer icon moodle / moodle 2.7.7 2.7.7.x
Composer icon moodle / moodle 2.8.0 2.8.0.x
Composer icon moodle / moodle 2.9.0 2.9.0.x