Candidate: CVE-2014-3548
PublicDate: 2014-07-29 11:10:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3548
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45471
 https://marc.info/?l=oss-security&m=140595126521264&w=2
 https://moodle.org/mod/forum/discuss.php?d=264270
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger an AJAX exception dialog.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Frédéric Massart
Assigned-to:
CVSS:

Patches_moodle:
upstream_moodle: released (2.7.1, 2.6.4, 2.5.7 and 2.4.11)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.7.5+dfsg-1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.7.5+dfsg-1)
cosmic_moodle: not-affected (2.7.5+dfsg-1)
disco_moodle: not-affected (2.7.5+dfsg-1)
devel_moodle: not-affected (2.7.5+dfsg-1)