CVE-2013-1833

Moodle - XSS

Title source: rule

Description

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

References (5)

[Patch] http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507

[Vendor Advisory] https://moodle.org/mod/forum/discuss.php?d=225344

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html

[Mailing List, Third Party Advisory] http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html

[Mailing List] http://openwall.com/lists/oss-security/2013/03/25/2

Scores

EPSS 0.0021

EPSS Percentile 42.9%

Details

CWE

CWE-79

Status published

Products (38)

moodle/moodle

... and 28 more

Published Mar 25, 2013

Tracked Since Feb 18, 2026