Candidate: CVE-2014-3551
PublicDate: 2014-07-29
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3551
http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
https://marc.info/?l=oss-security&m=140590892508533&w=2
Description:
Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading
implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before
2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote
authenticated users to inject arbitrary web script or HTML via a crafted
(1) qualification or (2) rating field in a rubric.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Javier E. García Prada
Assigned-to:
Patches_moodle:
upstream_moodle: released (2.7.1, 2.6.4, 2.5.7 and 2.4.11)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: needed
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: needed
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: needed
devel_moodle: needed