1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
|
Candidate: CVE-2012-2360
PublicDate: 2012-07-20
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2360
http://www.openwall.com/lists/oss-security/2012/05/23/2
Description:
Cross-site scripting (XSS) vulnerability in the Wiki subsystem in Moodle
2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows
remote authenticated users to inject arbitrary web script or HTML via a
crafted string that is inserted into a page title.
Ubuntu-Description:
Notes:
jdstrand> moodle 2.0 and higher
Bugs:
Priority: medium
Discovered-by: Sam Hemelryk
Assigned-to:
Patches_moodle:
upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32018
upstream_moodle: needs-triage
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected
natty_moodle: not-affected
oneiric_moodle: not-affected
precise_moodle: not-affected (1.9.9.dfsg2-6)
precise/esm_moodle: DNE (precise was not-affected [1.9.9.dfsg2-6])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: needs-triage
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: needs-triage
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: needs-triage
devel_moodle: needs-triage
|