Candidate: CVE-2014-3551
PublicDate: 2014-07-29 11:10:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3551
 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46223
 https://marc.info/?l=oss-security&m=140590892508533&w=2
Description:
 Multiple cross-site scripting (XSS) vulnerabilities in the advanced-grading
 implementation in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before
 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allow remote
 authenticated users to inject arbitrary web script or HTML via a crafted
 (1) qualification or (2) rating field in a rubric.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by: Javier E. García Prada
Assigned-to:
CVSS: 

Patches_moodle:
upstream_moodle: released (2.7.1, 2.6.4, 2.5.7 and 2.4.11)
lucid_moodle: ignored (reached end-of-life)
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needed)
trusty_moodle: ignored (reached end-of-life)
trusty/esm_moodle: DNE (trusty was needed)
utopic_moodle: ignored (reached end-of-life)
vivid_moodle: ignored (reached end-of-life)
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
wily_moodle: ignored (reached end-of-life)
xenial_moodle: not-affected (2.7.5+dfsg-1)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: not-affected (2.7.5+dfsg-1)
cosmic_moodle: not-affected (2.7.5+dfsg-1)
disco_moodle: not-affected (2.7.5+dfsg-1)
devel_moodle: not-affected (2.7.5+dfsg-1)