PublicDateAtUSN: 2009-02-09
Candidate: CVE-2009-0502
PublicDate: 2009-02-10 02:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0502
 https://ubuntu.com/security/notices/USN-791-1
Description:
 Cross-site scripting (XSS) vulnerability in blocks/html/block_html.php in
 Snoopy 1.2.3, as used in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8
 before 1.8.8, and 1.9 before 1.9.4, allows remote attackers to inject
 arbitrary web script or HTML via an HTML block, which is not properly
 handled when the "Login as" feature is used to visit a MyMoodle or Blog
 page.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (1.9.4)
dapper_moodle: ignored (reached end-of-life)
gutsy_moodle: needed (reached end-of-life)
hardy_moodle: released (1.8.2-1ubuntu4.2)
intrepid_moodle: released (1.8.2-1.2ubuntu2.1)
jaunty_moodle: not-affected (1.9.4.dfsg-0ubuntu1)
karmic_moodle: not-affected (1.9.4.dfsg-0ubuntu1)
devel_moodle: not-affected (1.9.4.dfsg-0ubuntu1)