Candidate: CVE-2010-1618
PublicDate: 2010-04-29 21:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1618
Description:
 Cross-site scripting (XSS) vulnerability in the phpCAS client library
 before 1.1.0, as used in Moodle 1.8.x before 1.8.12 and 1.9.x before 1.9.8,
 allows remote attackers to inject arbitrary web script or HTML via a
 crafted URL, which is not properly handled in an error message.
Ubuntu-Description:
Notes:
 kees> MSA-10-0002 http://tracker.moodle.org/browse/MDL-21802
Bugs:
Priority: medium
Discovered-by: Joachim Fritschi
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (1.9.8)
dapper_moodle: ignored (reached end-of-life)
hardy_moodle: ignored (reached end-of-life)
jaunty_moodle: ignored (reached end-of-life)
karmic_moodle: ignored (reached end-of-life)
lucid_moodle: ignored (reached end-of-life)
maverick_moodle: ignored (reached end-of-life)
natty_moodle: not-affected (1.9.9.dfsg2-2)
oneiric_moodle: not-affected (1.9.9.dfsg2-2)
precise_moodle: not-affected (1.9.9.dfsg2-2)
quantal_moodle: not-affected (1.9.9.dfsg2-2)
raring_moodle: not-affected (1.9.9.dfsg2-2)
saucy_moodle: not-affected (1.9.9.dfsg2-2)
devel_moodle: not-affected (1.9.9.dfsg2-2)