1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
|
Candidate: CVE-2013-4941
PublicDate: 2013-07-29
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4941
https://moodle.org/mod/forum/discuss.php?d=232496
http://yuilibrary.com/support/20130515-vulnerability/
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
Description:
Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader
component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through
2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x
before 2.5.1, and other products, allows remote attackers to inject
arbitrary web script or HTML via a crafted string in a URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
Patches_moodle:
upstream_moodle: released (2.5.1-1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.1-1)
trusty_moodle: not-affected (2.5.1-1)
utopic_moodle: not-affected (2.5.1-1)
vivid_moodle: not-affected (2.5.1-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.1-1)
xenial_moodle: not-affected (2.5.1-1)
yakkety_moodle: not-affected (2.5.1-1)
zesty_moodle: not-affected (2.5.1-1)
devel_moodle: not-affected (2.5.1-1)
|