Candidate: CVE-2012-2364
PublicDate: 2012-07-21 03:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2364
 http://www.openwall.com/lists/oss-security/2012/05/23/2
Description:
 Cross-site scripting (XSS) vulnerability in lib/filelib.php in Moodle 2.0.x
 before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote
 authenticated users to inject arbitrary web script or HTML via an
 assignment submission with zip compression, leading to text/html rendering
 during a "download all" action.
Ubuntu-Description:
Notes:
 jdstrand> moodle 2.0 and higher
Bugs:
Priority: medium
Discovered-by: Asaf Ohaion
Assigned-to:
CVSS: 

Patches_moodle:
 other: http://git.moodle.org/gw?p=moodle.git;a=commit;h=ce4126c7a9e07dd0514f7ac297b5e60cad0b8d20
upstream_moodle: released (2.2.3.dfsg-1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected
natty_moodle: not-affected
oneiric_moodle: not-affected
precise_moodle: not-affected (1.9.9.dfsg2-6)
precise/esm_moodle: DNE (precise was not-affected [1.9.9.dfsg2-6])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.4-1ubuntu1)
cosmic_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)