MGASA-2013-0356

Source
https://advisories.mageia.org/MGASA-2013-0356.html
Import Source
https://advisories.mageia.org/MGASA-2013-0356.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2013-0356
Upstream
  • CVE-2013-4522
  • CVE-2013-4523
  • CVE-2013-4524
  • CVE-2013-4525
Published
2013-11-30T21:24:35Z
Modified
2026-04-16T06:26:21.696500053Z
Summary
Updated moodle package fixes security vulnerabilities
Details

Some files were being delivered with incorrect headers in Moodle before 2.4.7, meaning they could be cached downstream (CVE-2013-4522).

Cross-site scripting in Moodle before 2.4.7 due to JavaScript in messages being executed on some pages (CVE-2013-4523).

The file system repository in Moodle before 2.4.7 was allowing access to files beyond the Moodle file area (CVE-2013-4524).

Cross-site scripting in Moodle before 2.4. due to JavaScript in question answers being executed on the Quiz Results page (CVE-2013-4525).

References
Credits

Affected packages

Mageia:3 / moodle

Package

Name
moodle
Purl
pkg:rpm/mageia/moodle?arch=source&distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.4.7-1.mga3

Ecosystem specific

{
    "section": "core"
}

Database specific

source
"https://advisories.mageia.org/MGASA-2013-0356.json"