MGASA-2015-0302
- Source
- https://advisories.mageia.org/MGASA-2015-0302.html
- Import Source
- https://advisories.mageia.org/MGASA-2015-0302.json
- JSON Data
- https://api.osv.dev/v1/vulns/MGASA-2015-0302
- Upstream
- Published
- 2015-08-03T20:55:18Z
- Modified
- 2026-04-16T06:24:43.877201253Z
- Summary
- Updated moodle package fixes security vulnerabilities
- Details
-
In Moodle before 2.8.7, phishing is possible when redirecting to external site using referer headers in error messages (CVE-2015-3272).
In Moodle before 2.8.7, several web services returning user information did not clean text in text custom profile fields, leading to possible XSS (CVE-2015-3274).
In Moodle before 2.8.7, possible Javascript injection was discovered in the SCORM module (CVE-2015-3275).
As Moodle 2.6 is no longer supported, users of this package on Mageia 4 are advised to migrate to Mageia 5.
- References
-
- https://advisories.mageia.org/MGASA-2015-0302.html
- https://bugs.mageia.org/show_bug.cgi?id=16374
- https://moodle.org/mod/forum/discuss.php?d=316662
- https://moodle.org/mod/forum/discuss.php?d=316664
- https://moodle.org/mod/forum/discuss.php?d=316665
- https://docs.moodle.org/dev/Moodle_2.8.7_release_notes
- https://moodle.org/mod/forum/discuss.php?d=316289
- Credits
-
-
- Mageia - COORDINATOR
-
Affected packages
Mageia:5 / moodle
Package
- Name
- moodle
- Purl
- pkg:rpm/mageia/moodle?arch=source&distro=mageia-5