Moderate severityNVD Advisory· Published Jul 29, 2014· Updated Jun 17, 2026
CVE-2014-3547
CVE-2014-3547
Description
Multiple cross-site scripting (XSS) vulnerabilities in badges/renderer.php in Moodle 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via an external badge.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
moodle/moodlePackagist | >= 2.5.0, < 2.5.7 | 2.5.7 |
moodle/moodlePackagist | >= 2.6.0, < 2.6.4 | 2.6.4 |
moodle/moodlePackagist | >= 2.7.0, < 2.7.1 | 2.7.1 |
Affected products
13cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*+ 11 more
- cpe:2.3:a:moodle:moodle:2.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:moodle:moodle:2.7.0:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
9- github.com/advisories/GHSA-hwjv-mc78-cccjghsaADVISORY
- moodle.org/mod/forum/discuss.phpnvdVendor AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2014-3547ghsaADVISORY
- openwall.com/lists/oss-security/2014/07/21/1nvdWEB
- www.securityfocus.com/bid/68758nvdWEB
- github.com/moodle/moodle/commit/0174a0a57f6d84e240dd0bc0df0ffa63c3cc5a88ghsaWEB
- github.com/moodle/moodle/commit/200a2b7fad3f7ef92b3171a07d68df6958d842b7ghsaWEB
- github.com/moodle/moodle/commit/9eef6b5237520f0cb9874564e577c64e3a831987ghsaWEB
- github.com/moodle/moodle/commit/ea76b652fc4f3600403a61e54f198cc8570a4234ghsaWEB
News mentions
0No linked articles in our index yet.