1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
|
Candidate: CVE-2016-0725
PublicDate: 2016-02-22
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-0725
Description:
Cross-site scripting (XSS) vulnerability in the search_pagination function
in course/classes/management_renderer.php in Moodle 2.8.x before 2.8.10,
2.9.x before 2.9.4, and 3.0.x before 3.0.2 allows remote attackers to
inject arbitrary web script or HTML via a crafted search string.
Ubuntu-Description:
Notes:
tyhicks> Per Debian, only affects 3.0 to 3.0.1, 2.9 to 2.9.3 and 2.8 to 2.8.9
Bugs:
Priority: untriaged
Discovered-by:
Assigned-to:
Patches_moodle:
upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52552
upstream_moodle: not-affected (2.7.12+dfsg-1)
precise_moodle: not-affected
trusty_moodle: not-affected
vivid_moodle: not-affected
wily_moodle: not-affected
devel_moodle: not-affected (2.7.12+dfsg-1)
|