CVE-2014-2571

low

Published 2014-03-24 · Modified 2024-12-07

CVSS v3

—

CVSS v2

3.5

VIR risk

3.5

Description

Moodle cross-site scripting (XSS) vulnerability

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://moodle.org/mod/forum/discuss.php?d=256416

Ecosystem	Package	Vulnerable	Fixed
Packagist	moodle/moodle	`<2.4.9`	`2.4.9`
Packagist	moodle/moodle	`>=2.5.0,<2.5.5`	`2.5.5`
Packagist	moodle/moodle	`>=2.6.0,<2.6.2`	`2.6.2`

Vendor	Product	Versions
moodle	moodle	`{"endIncluding":"2.3.11"}`
moodle	moodle	`2.0.0`
moodle	moodle	`2.0.1`
moodle	moodle	`2.0.2`
moodle	moodle	`2.0.3`
moodle	moodle	`2.0.4`
moodle	moodle	`2.0.5`
moodle	moodle	`2.0.6`
moodle	moodle	`2.0.7`
moodle	moodle	`2.0.8`
moodle	moodle	`2.0.9`
moodle	moodle	`2.1.0`
moodle	moodle	`2.1.1`
moodle	moodle	`2.1.2`
moodle	moodle	`2.1.3`
moodle	moodle	`2.1.4`
moodle	moodle	`2.1.5`
moodle	moodle	`2.1.6`
moodle	moodle	`2.1.7`
moodle	moodle	`2.1.8`
moodle	moodle	`2.1.9`
moodle	moodle	`2.1.10`
moodle	moodle	`2.2.0`
moodle	moodle	`2.2.1`
moodle	moodle	`2.2.2`
moodle	moodle	`2.2.3`
moodle	moodle	`2.2.4`
moodle	moodle	`2.2.5`
moodle	moodle	`2.2.6`
moodle	moodle	`2.2.7`
moodle	moodle	`2.2.8`
moodle	moodle	`2.2.9`
moodle	moodle	`2.2.10`
moodle	moodle	`2.2.11`
moodle	moodle	`2.3.0`
moodle	moodle	`2.3.1`
moodle	moodle	`2.3.2`
moodle	moodle	`2.3.3`
moodle	moodle	`2.3.4`
moodle	moodle	`2.3.5`
moodle	moodle	`2.3.6`
moodle	moodle	`2.3.7`
moodle	moodle	`2.3.8`
moodle	moodle	`2.3.9`
moodle	moodle	`2.3.10`
moodle	moodle	`2.4.0`
moodle	moodle	`2.4.1`
moodle	moodle	`2.4.2`
moodle	moodle	`2.4.3`
moodle	moodle	`2.4.4`
moodle	moodle	`2.4.5`
moodle	moodle	`2.4.6`
moodle	moodle	`2.4.7`
moodle	moodle	`2.4.8`
moodle	moodle	`2.5.0`
moodle	moodle	`2.5.1`
moodle	moodle	`2.5.2`
moodle	moodle	`2.5.3`
moodle	moodle	`2.5.4`
moodle	moodle	`2.6.0`
moodle	moodle	`2.6.1`

CWE-79

Verify integrity in audit chain (admin only). AS-IS.