CVE-2008-5432

Publication date 11 December 2008

Last updated 24 July 2024

Ubuntu priority

Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).

Status

Show unmaintained releases

Package	Ubuntu Release	Status
moodle	9.10 karmic	Not affected
	9.04 jaunty	Not affected
	8.10 intrepid	Fixed 1.8.2-1.2ubuntu2.1
	8.04 LTS hardy	Fixed 1.8.2-1ubuntu4.2
	7.10 gutsy	Ignored end of life, was needs-triage
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-791-1
Moodle vulnerabilities
24 June 2009

Other references

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=508593
https://www.cve.org/CVERecord?id=CVE-2008-5432