CVE-2013-7341

medium

Published 2014-03-24 · Modified 2024-12-03

CVSS v3

—

CVSS v2

4.3

VIR risk

4.3

Description

Moodle cross-site scripting (XSS) vulnerabilities

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No vendor mitigations ingested yet for this CVE. The mitigation-content worker queues fetches as references arrive — check back in a few minutes, or see the references list below.

Package impact

Ecosystem	Package	Vulnerable	Fixed
Packagist	moodle/moodle	`<2.4.9`	`2.4.9`
Packagist	moodle/moodle	`>=2.5.0,<2.5.5`	`2.5.5`
Packagist	moodle/moodle	`>=2.6.0,<2.6.2`	`2.6.2`
Packagist	typo3/cms	`>=6.2.0,<6.2.14`	`6.2.14`
Packagist	typo3/cms	`>=7.0.0,<7.3.1`	`7.3.1`

Application impact

Vendor	Product	Versions	Fixed
flowplayer	flowplayer_flash	`{"endIncluding":"3.2.16"}`
flowplayer	flowplayer_flash	`3.0.0`
flowplayer	flowplayer_flash	`3.0.1`
flowplayer	flowplayer_flash	`3.0.2`
flowplayer	flowplayer_flash	`3.0.3`
flowplayer	flowplayer_flash	`3.0.4`
flowplayer	flowplayer_flash	`3.0.5`
flowplayer	flowplayer_flash	`3.0.6`
flowplayer	flowplayer_flash	`3.1.0`
flowplayer	flowplayer_flash	`3.1.1`
flowplayer	flowplayer_flash	`3.1.2`
flowplayer	flowplayer_flash	`3.1.3`
flowplayer	flowplayer_flash	`3.1.4`
flowplayer	flowplayer_flash	`3.1.5`
flowplayer	flowplayer_flash	`3.2.0`
flowplayer	flowplayer_flash	`3.2.1`
flowplayer	flowplayer_flash	`3.2.2`
flowplayer	flowplayer_flash	`3.2.3`
flowplayer	flowplayer_flash	`3.2.4`
flowplayer	flowplayer_flash	`3.2.5`
flowplayer	flowplayer_flash	`3.2.6`
flowplayer	flowplayer_flash	`3.2.7`
flowplayer	flowplayer_flash	`3.2.8`
flowplayer	flowplayer_flash	`3.2.9`
flowplayer	flowplayer_flash	`3.2.10`
flowplayer	flowplayer_flash	`3.2.11`
flowplayer	flowplayer_flash	`3.2.12`
flowplayer	flowplayer_flash	`3.2.13`
flowplayer	flowplayer_flash	`3.2.14`
flowplayer	flowplayer_flash	`3.2.15`
moodle	moodle	`{"endIncluding":"2.3.11"}`
moodle	moodle	`2.0.0`
moodle	moodle	`2.0.1`
moodle	moodle	`2.0.2`
moodle	moodle	`2.0.3`
moodle	moodle	`2.0.4`
moodle	moodle	`2.0.5`
moodle	moodle	`2.0.6`
moodle	moodle	`2.0.7`
moodle	moodle	`2.0.8`
moodle	moodle	`2.0.9`
moodle	moodle	`2.1.0`
moodle	moodle	`2.1.1`
moodle	moodle	`2.1.2`
moodle	moodle	`2.1.3`
moodle	moodle	`2.1.4`
moodle	moodle	`2.1.5`
moodle	moodle	`2.1.6`
moodle	moodle	`2.1.7`
moodle	moodle	`2.1.8`
moodle	moodle	`2.1.9`
moodle	moodle	`2.1.10`
moodle	moodle	`2.2.0`
moodle	moodle	`2.2.1`
moodle	moodle	`2.2.2`
moodle	moodle	`2.2.3`
moodle	moodle	`2.2.4`
moodle	moodle	`2.2.5`
moodle	moodle	`2.2.6`
moodle	moodle	`2.2.7`
moodle	moodle	`2.2.8`
moodle	moodle	`2.2.9`
moodle	moodle	`2.2.10`
moodle	moodle	`2.2.11`
moodle	moodle	`2.3.0`
moodle	moodle	`2.3.1`
moodle	moodle	`2.3.2`
moodle	moodle	`2.3.3`
moodle	moodle	`2.3.4`
moodle	moodle	`2.3.5`
moodle	moodle	`2.3.6`
moodle	moodle	`2.3.7`
moodle	moodle	`2.3.8`
moodle	moodle	`2.3.9`
moodle	moodle	`2.3.10`
moodle	moodle	`2.4.0`
moodle	moodle	`2.4.1`
moodle	moodle	`2.4.2`
moodle	moodle	`2.4.3`
moodle	moodle	`2.4.4`
moodle	moodle	`2.4.5`
moodle	moodle	`2.4.6`
moodle	moodle	`2.4.7`
moodle	moodle	`2.4.8`
moodle	moodle	`2.5.0`
moodle	moodle	`2.5.1`
moodle	moodle	`2.5.2`
moodle	moodle	`2.5.3`
moodle	moodle	`2.5.4`
moodle	moodle	`2.6.0`
moodle	moodle	`2.6.1`

References

CWEs

CWE-79

Verify integrity in audit chain (admin only). AS-IS.