Candidate: CVE-2013-4939
PublicDate: 2013-07-29 13:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4939
 http://yuilibrary.com/support/20130515-vulnerability/
 https://moodle.org/mod/forum/discuss.php?d=232496
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
Description:
 Cross-site scripting (XSS) vulnerability in io.swf in the IO Utility
 component in Yahoo! YUI 3.0.0 through 3.9.1, as used in Moodle through
 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x
 before 2.5.1, and other products, allows remote attackers to inject
 arbitrary web script or HTML via a crafted string in a URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.5.1-1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.1-1)
trusty_moodle: not-affected (2.5.1-1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.1-1])
utopic_moodle: not-affected (2.5.1-1)
vivid_moodle: not-affected (2.5.1-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.1-1)
xenial_moodle: not-affected (2.5.1-1)
yakkety_moodle: not-affected (2.5.1-1)
zesty_moodle: not-affected (2.5.1-1)
devel_moodle: not-affected (2.5.1-1)