Candidate: CVE-2014-3548
PublicDate: 2014-07-29
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3548
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
https://marc.info/?l=oss-security&m=140595126521264&w=2
https://moodle.org/mod/forum/discuss.php?d=264270
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through
2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and
2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or
HTML via vectors that trigger an AJAX exception dialog.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Frédéric Massart
Assigned-to:
Patches_moodle:
upstream_moodle: released (2.7.1, 2.6.4, 2.5.7 and 2.4.11)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: needed
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: needed
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: needed
devel_moodle: needed