Create an account

Subscribe to LWN

LWN.net Weekly Edition for May 23, 2013

An "enum" for Python 3

An unexpected perf feature

LWN.net Weekly Edition for May 16, 2013

A look at the PyPy 2.0 release

Weekly edition	Kernel	Security	Distributions	Contact Us	Search
Archives	Calendar	Subscribe	Write for LWN	LWN.net FAQ	Sponsors

moodle: multiple vulnerabilities

Package(s):

moodle

CVE #(s):

Created:

November 7, 2011

Updated:

November 9, 2011

Description:

From the Debian advisory:

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:

MSA-11-0020 Continue links in error messages can lead offsite
MSA-11-0024 Recaptcha images were being authenticated from an older server
MSA-11-0025 Group names in user upload CSV not escaped
MSA-11-0026 Fields in user upload CSV not escaped
MSA-11-0031 Forms API constant issue
MSA-11-0032 MNET SSL validation issue
MSA-11-0036 Messaging refresh vulnerability
MSA-11-0037 Course section editing injection vulnerability
MSA-11-0038 Database injection protection strengthened

Alerts:

Debian

2011-11-07

(Log in to post comments)

Copyright © 2013, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds