Candidate: CVE-2013-1833
CRD: 2013-03-11 04:00:00 UTC
PublicDate: 2013-03-25 21:55:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1833
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the File Picker
 module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before
 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject
 arbitrary web script or HTML via a crafted filename.
Ubuntu-Description: 
Notes: 
 seth-arnold> MSA-13-0015
Bugs: 
Priority: medium
Discovered-by: Frederic Massart
Assigned-to: 
CVSS: 

Patches_moodle:
 upstream: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
upstream_moodle: released (2.4.2, 2.3.5, 2.2.8)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected (1.9.4.dfsg-0ubuntu4)
oneiric_moodle: not-affected (1.9.9.dfsg2-3)
precise_moodle: not-affected (1.9.9.dfsg2-6)
precise/esm_moodle: DNE (precise was not-affected [1.9.9.dfsg2-6])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: ignored (end of standard support, was needed)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: needed
cosmic_moodle: ignored (reached end-of-life)
disco_moodle: ignored (reached end-of-life)
eoan_moodle: ignored (reached end-of-life)
focal_moodle: DNE
groovy_moodle: DNE
hirsute_moodle: DNE
impish_moodle: DNE
jammy_moodle: DNE
devel_moodle: DNE