
CVE-2016-2153: Moodle Reflected XSS in mod_data advanced search

CVSS Score
6.1

Basic Information

EPSS Score
-
Published
5/13/2022
Updated
1/26/2024
KEV Status
No
Technology
PHP

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name    Ecosystem  Vulnerable Versions  First Patched Version
moodle/moodle   composer   >= 2.7, < 2.7.13     2.7.13
moodle/moodle   composer   >= 2.8, < 2.8.11     2.8.11
moodle/moodle   composer   >= 2.9, < 2.9.5      2.9.5
moodle/moodle   composer   >= 3.0, < 3.0.3      3.0.3

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from unescaped output of user-controlled parameters in the search form fields. The GitHub patch adds Moodle's s() escaping function around the value attributes rendered by the display_search_field methods of several field classes, and around the author name inputs in lib.php. These methods received user input from URL parameters (the f_* field values and u_fn/u_ln) and wrote it into HTML attributes without entity encoding, so a crafted parameter could break out of the attribute and inject markup. The consistent pattern of adding s() throughout the fix confirms these were the vulnerable output points.
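The pattern described above, as an added example that is not Moodle's code and not part of the original page: a simplified display_search_field-style renderer shown before and after the fix. The s() helper defined here is a stand-in for Moodle's real s() function (assumption: it mirrors Moodle's htmlspecialchars-based escaping with ENT_QUOTES so that both quote characters are encoded); the field name and the request value are constructed for the demo.

```php
<?php
// Added example (not Moodle's code): contrast the unescaped and the s()-escaped
// rendering of a search-field value attribute, the defect described in the analysis.

// Stand-in for Moodle's s() helper. Assumption: like Moodle's, it is built on
// htmlspecialchars() with ENT_QUOTES, so both " and ' are encoded and a value can
// never terminate the attribute it is placed in.
function s(string $var): string {
    return htmlspecialchars($var, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Before the fix: the request value is concatenated straight into the attribute.
function display_search_field_vulnerable(string $fieldid, string $value): string {
    return '<input type="text" name="f_' . $fieldid . '" value="' . $value . '" />';
}

// After the fix: the same value passes through s() before it reaches the markup.
function display_search_field_fixed(string $fieldid, string $value): string {
    return '<input type="text" name="f_' . $fieldid . '" value="' . s($value) . '" />';
}

// Returns true when the rendered input still contains exactly one element, i.e.
// the value did not escape the attribute and introduce further tags.
function attribute_contained(string $html): bool {
    return substr_count($html, '<') === 1 && substr_count($html, '>') === 1;
}

// Constructed demo input (not from a real request): a double quote followed by
// markup, the shape of data a f_* URL parameter can carry.
$fieldid = '42';
$value   = '"><em>injected</em>';

$vulnerable = display_search_field_vulnerable($fieldid, $value);
$fixed      = display_search_field_fixed($fieldid, $value);

echo "vulnerable: " . $vulnerable . PHP_EOL;
echo "  contained: " . var_export(attribute_contained($vulnerable), true) . PHP_EOL;
echo "fixed:      " . $fixed . PHP_EOL;
echo "  contained: " . var_export(attribute_contained($fixed), true) . PHP_EOL;
```

Run with `php example.php`. The vulnerable line renders `value=""><em>injected</em>" />`, so the quote closes the attribute and the `<em>` element becomes live markup (attribute_contained reports false); the fixed line renders `value="&quot;&gt;&lt;em&gt;injected&lt;/em&gt;"`, where the whole value stays inert text inside the attribute (attribute_contained reports true). The same check can be pointed at any other attribute that echoes request data, which is how the other display_search_field methods and the lib.php author-name inputs named above would be audited.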


WAF Protection Rules

WAF Rule

Cross-site scripting (XSS) vulnerability in the advanced-search feature in mod_data in Moodle through *.*.**, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to inject arbitrary web script
