CVE 2008-5432
Cross-site scripting (XSS) vulnerability in Moodle before 1.6.8, 1.7 before 1.7.6, 1.8 before 1.8.7, and 1.9 before 1.9.3 allows remote attackers to inject arbitrary web script or HTML via a Wiki page name (aka page title).
Related bugs and status
CVE-2008-5432 (Candidate) is related to these bugs:
Bug #225662: [MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 225662 | [MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory | moodle (Ubuntu) | High | Fix Released | ||
Bug #234609: Blank pages in Moodle after install - failed to install php5-mysql
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 234609 | Blank pages in Moodle after install - failed to install php5-mysql | moodle (Ubuntu) | Medium | Fix Released | ||
Bug #239481: Upgrade Moodle to 1.9.3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 239481 | Upgrade Moodle to 1.9.3 | moodle (Ubuntu) | Wishlist | Fix Released | ||
Bug #303078: attempting to re-enter mismatched new password when installing moodle database with apache in ubuntu server
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 303078 | attempting to re-enter mismatched new password when installing moodle database with apache in ubuntu server | moodle (Ubuntu) | Undecided | Fix Released | ||
Bug #322961: merge moodle 1.8.2.dfsg-3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 322961 | merge moodle 1.8.2.dfsg-3 | moodle (Ubuntu) | High | Fix Released | ||
| 322961 | merge moodle 1.8.2.dfsg-3 | moodle (Ubuntu Jaunty) | High | Fix Released | ||
Bug #325450: package moodle 1.8.2-1ubuntu4.1 failed to uninstall after failing to install
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 325450 | package moodle 1.8.2-1ubuntu4.1 failed to uninstall after failing to install | moodle (Ubuntu) | Undecided | Fix Released | ||
Bug #327843: Strange default MySQL administrator username (postgres) during install
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 327843 | Strange default MySQL administrator username (postgres) during install | moodle (Ubuntu) | Undecided | Fix Released | ||
Bug #334611: Feature Freeze Exception: moodle 1.9.4-0ubuntu1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 334611 | Feature Freeze Exception: moodle 1.9.4-0ubuntu1 | moodle (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
