Candidate: CVE-2017-7298
PublicDate: 2017-03-29 05:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-7298
 http://www.daimacn.com/post/12.html
 https://tracker.moodle.org/browse/MDL-52038
Description:
 In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a
 new course" page, as demonstrated by a crafted attribute of an SVG element.
Ubuntu-Description:
Notes:
 msalvatore> upstream disputes that this is a vulnerability
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N [5.4 MEDIUM]

Patches_moodle:
upstream_moodle: needed
precise_moodle: ignored (reached end-of-life)
precise/esm_moodle: DNE (precise was needs-triage)
trusty_moodle: ignored (upstream disputed)
trusty/esm_moodle: DNE (trusty was ignored [upstream disputed])
vivid/stable-phone-overlay_moodle: DNE
vivid/ubuntu-core_moodle: DNE
xenial_moodle: ignored (upstream disputed)
yakkety_moodle: ignored (reached end-of-life)
zesty_moodle: ignored (reached end-of-life)
artful_moodle: ignored (reached end-of-life)
bionic_moodle: ignored (upstream disputed)
cosmic_moodle: ignored (upstream disputed)
devel_moodle: ignored (upstream disputed)