1
Candidate: CVE-2015-5337
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-5337
5
https://moodle.org/mod/forum/discuss.php?d=323232#p1297703
7
Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x
8
before 2.9.3 does not properly restrict the availability of Flowplayer,
9
which allows remote attackers to conduct cross-site scripting (XSS) attacks
10
via a crafted .swf file.
15
Discovered-by: Andrew Nicols
19
upstream_moodle: released (2.7.11+dfsg-1, 2.9.3, 2.8.9 and 2.7.11)
20
precise_moodle: ignored (reached end-of-life)
21
precise/esm_moodle: DNE (precise was needed)
23
vivid_moodle: ignored (reached end-of-life)
24
vivid/stable-phone-overlay_moodle: DNE
25
vivid/ubuntu-core_moodle: DNE
26
wily_moodle: ignored (reached end-of-life)
27
xenial_moodle: not-affected (2.7.11+dfsg-2)
28
yakkety_moodle: not-affected (2.7.11+dfsg-2)
29
zesty_moodle: not-affected (2.7.11+dfsg-2)
30
artful_moodle: not-affected (2.7.11+dfsg-2)
31
bionic_moodle: not-affected (2.7.11+dfsg-2)
32
devel_moodle: not-affected (2.7.11+dfsg-2)