{"id":"MGASA-2014-0160","summary":"Updated moodle packages fix multiple security vulnerabilities","details":"Updated moodle package fixes security vulnerabilities:\n\nIn Moodle before 2.4.9, question strings were not being filtered correctly\npossibly allowing cross site scripting, as quiz_question_tostring can cause\ninvalid HTML (CVE-2014-2571).\n\nFeedback Availability dates not honored in complete.php in Moodle before\n2.4.9, therefore it was possible to start a Feedback activity while it was\nsupposed to be closed (CVE-2014-0127).\n\nBroken access control vulnerability in Moodle before 2.4.9 with\n/mod/chat/chat_ajax.php, where capabilities to chat were being checked at the\nstart of a chat, but not during, so changes were not effective immediately\n(CVE-2014-0122).\n\nIn Moodle before 2.4.9, there were missing access checks on Wiki pages\nallowing students to see pages of other students' individual wikis, through\nthe Recent activity block (CVE-2014-0123).\n\nIn Moodle before 2.4.9, cross site scripting was possible with Flowplayer\n(CVE-2013-7341).\n\nIn Moodle before 2.4.9, Forum and Quiz were showing users' email addresses\nwhen settings were supposed to be preventing this (CVE-2014-0124).\n\nIn Moodle before 2.4.9, alias links to items in an Alfresco repository were\nprovided with information that would allow someone to impersonate the file\nowner in Alfresco (CVE-2014-0125).\n\nCross Site Request Forgery in Moodle before 2.4.9 in\nenrol/imsenterprise/importnow.php, due to inadequate session checking when\ntriggering the import of IMS Enterprise identities (CVE-2014-0126).\n","modified":"2026-04-16T06:24:28.692656622Z","published":"2014-04-03T17:23:49Z","upstream":["CVE-2013-7341","CVE-2014-0122","CVE-2014-0123","CVE-2014-0124","CVE-2014-0125","CVE-2014-0126","CVE-2014-0127","CVE-2014-2571"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0160.html"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256416"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256417"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256418"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256419"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256420"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256421"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256422"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=256423"},{"type":"WEB","url":"http://docs.moodle.org/dev/Moodle_2.4.9_release_notes"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=255903"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=13005"}],"affected":[{"package":{"name":"moodle","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/moodle?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.9-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0160.json"}},{"package":{"name":"moodle","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/moodle?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.4.9-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0160.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}