Candidate: CVE-2013-4941
PublicDate: 2013-07-29 13:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4941
 https://moodle.org/mod/forum/discuss.php?d=232496
 http://yuilibrary.com/support/20130515-vulnerability/
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-39678
Description:
 Cross-site scripting (XSS) vulnerability in uploader.swf in the Uploader
 component in Yahoo! YUI 3.2.0 through 3.9.1, as used in Moodle through
 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, 2.5.x
 before 2.5.1, and other products, allows remote attackers to inject
 arbitrary web script or HTML via a crafted string in a URL.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.5.1-1)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
quantal_moodle: ignored (reached end-of-life)
raring_moodle: ignored (reached end-of-life)
saucy_moodle: not-affected (2.5.1-1)
trusty_moodle: not-affected (2.5.1-1)
trusty/esm_moodle: DNE (trusty was not-affected [2.5.1-1])
utopic_moodle: not-affected (2.5.1-1)
vivid_moodle: not-affected (2.5.1-1)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: not-affected (2.5.1-1)
xenial_moodle: not-affected (2.5.1-1)
yakkety_moodle: not-affected (2.5.1-1)
zesty_moodle: not-affected (2.5.1-1)
devel_moodle: not-affected (2.5.1-1)