Debian Security Advisory

DSA-2262-1 moodle -- several vulnerabilities

Date Reported:
15 Jun 2011
Affected Packages:
Security database references:
No other external database security references currently available.
More information:

Several cross-site scripting and information disclosure issues have been fixed in Moodle, a course management system for online learning:

  • MSA-11-0002

    Cross-site request forgery vulnerability in RSS block

  • MSA-11-0003

    Cross-site scripting vulnerability in tag autocomplete

  • MSA-11-0008

    IMS enterprise enrolment file may disclose sensitive information

  • MSA-11-0011

    Multiple cross-site scripting problems in media filter

  • MSA-11-0015

    Cross Site Scripting through URL encoding

  • MSA-11-0013

    Group/Quiz permissions issue

For the stable distribution (squeeze), this problem has been fixed in version 1.9.9.dfsg2-2.1+squeeze1.

For the unstable distribution (sid), this problem has been fixed in version 1.9.9.dfsg2-3.

We recommend that you upgrade your moodle packages.