Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: VEX Vulnerability Details - SANS Internet Storm Center

SANS Site Network

Current Site

Internet Storm Center

Other SANS Sites Help

Graduate Degree Programs

Security Training

Security Certification

Security Awareness Training

Penetration Testing

Industrial Control Systems

Cyber Defense Foundations

DFIR

Software Security

Government OnSite Training

VEX Vulnerability Details

Log In or Sign Up for Free!

VEXID-201070
Published	2017-01-20 08:59:00
Last Modified	2017-01-20 18:28:32
AKA	CVE-2017-2576
Summary	In Moodle 2.x and 3.x, there is incorrect sanitization of attributes in forums.
CVSS Score	5
CVSS Source	http://nvd.nist.gov

CVSS
Access Vector	Local	Adjacent	Network
Access Complexity	Low	Medium	High
Authentication	None	Single	Multiple
Confidentiality	None	Partial	Complete
Integrity	None	Partial	Complete
Availability	None	Partial	Complete

References
Type	Content
Vendor Advisory	https://moodle.org/mod/forum/discuss.php?d=345912