{"id":"MGASA-2015-0302","summary":"Updated moodle package fixes security vulnerabilities","details":"In Moodle before 2.8.7, phishing is possible when redirecting to external\nsite using referer headers in error messages (CVE-2015-3272).\n\nIn Moodle before 2.8.7, several web services returning user information\ndid not clean text in text custom profile fields, leading to possible XSS\n(CVE-2015-3274).\n\nIn Moodle before 2.8.7, possible Javascript injection was discovered in\nthe SCORM module (CVE-2015-3275).\n\nAs Moodle 2.6 is no longer supported, users of this package on Mageia 4\nare advised to migrate to Mageia 5.\n","modified":"2026-04-16T06:24:43.877201253Z","published":"2015-08-03T20:55:18Z","upstream":["CVE-2015-3272","CVE-2015-3274","CVE-2015-3275"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2015-0302.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=16374"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=316662"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=316664"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=316665"},{"type":"WEB","url":"https://docs.moodle.org/dev/Moodle_2.8.7_release_notes"},{"type":"WEB","url":"https://moodle.org/mod/forum/discuss.php?d=316289"}],"affected":[{"package":{"name":"moodle","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/moodle?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.8.7-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2015-0302.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}