Candidate: CVE-2012-2365
PublicDate: 2012-07-21 03:38:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2365
 http://www.openwall.com/lists/oss-security/2012/05/23/2
Description:
 Cross-site scripting (XSS) vulnerability in Moodle 2.0.x before 2.0.9,
 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated
 users to inject arbitrary web script or HTML via the idnumber field to
 cohort/edit.php.
Ubuntu-Description:
Notes:
 jdstrand> moodle 2.0 and higher
Bugs:
Priority: medium
Discovered-by: Dan Poltawski
Assigned-to:
CVSS: 

Patches_moodle:
 other: http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31691
upstream_moodle: released (2.2.3.dfsg-1)
hardy_moodle: ignored (reached end-of-life)
lucid_moodle: not-affected
natty_moodle: not-affected
oneiric_moodle: not-affected
precise_moodle: not-affected (1.9.9.dfsg2-6)
precise/esm_moodle: DNE (precise was not-affected [1.9.9.dfsg2-6])
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: ignored (reached end-of-life)
trusty_moodle: not-affected (2.5.4-1ubuntu1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.4-1ubuntu1])
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.5.4-1ubuntu1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.5.4-1ubuntu1)
cosmic_moodle: not-affected (2.5.4-1ubuntu1)
devel_moodle: not-affected (2.5.4-1ubuntu1)