1
Candidate: CVE-2011-4294
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4294
6
The error-message functionality in Moodle 1.9.x before 1.9.13, 2.0.x before
7
2.0.4, and 2.1.x before 2.1.1 does not ensure that a continuation link
8
refers to an http or https URL for the local Moodle instance, which might
9
allow attackers to trick users into visiting arbitrary web sites via
13
jdstrand> moodle 2.0 only
20
upstream_moodle: needs-triage
21
hardy_moodle: ignored (reached end-of-life)
22
lucid_moodle: ignored (reached end-of-life)
23
maverick_moodle: ignored (reached end-of-life)
24
natty_moodle: ignored (reached end-of-life)
25
oneiric_moodle: not-affected (1.9.9.dfsg2-3)
26
precise_moodle: not-affected
27
quantal_moodle: not-affected
28
raring_moodle: not-affected
29
saucy_moodle: not-affected
30
devel_moodle: not-affected