CVE 2009-0500
Cross-site scripting (XSS) vulnerability in course/lib.php in Moodle 1.6 before 1.6.9, 1.7 before 1.7.7, 1.8 before 1.8.8, and 1.9 before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via crafted log table information that is not properly handled when it is displayed in a log report.
Related bugs and status
CVE-2009-0500 (Candidate) is related to these bugs:
Bug #225662: [MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 225662 | [MASTER] package moodle failed to install/upgrade: grep: /etc/postgresql///pg_hba.conf: No such file or directory | moodle (Ubuntu) | High | Fix Released | ||
Bug #234609: Blank pages in Moodle after install - failed to install php5-mysql
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 234609 | Blank pages in Moodle after install - failed to install php5-mysql | moodle (Ubuntu) | Medium | Fix Released | ||
Bug #239481: Upgrade Moodle to 1.9.3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 239481 | Upgrade Moodle to 1.9.3 | moodle (Ubuntu) | Wishlist | Fix Released | ||
Bug #303078: attempting to re-enter mismatched new password when installing moodle database with apache in ubuntu server
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 303078 | attempting to re-enter mismatched new password when installing moodle database with apache in ubuntu server | moodle (Ubuntu) | Undecided | Fix Released | ||
Bug #322961: merge moodle 1.8.2.dfsg-3
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 322961 | merge moodle 1.8.2.dfsg-3 | moodle (Ubuntu) | High | Fix Released | ||
| 322961 | merge moodle 1.8.2.dfsg-3 | moodle (Ubuntu Jaunty) | High | Fix Released | ||
Bug #325450: package moodle 1.8.2-1ubuntu4.1 failed to uninstall after failing to install
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 325450 | package moodle 1.8.2-1ubuntu4.1 failed to uninstall after failing to install | moodle (Ubuntu) | Undecided | Fix Released | ||
Bug #327843: Strange default MySQL administrator username (postgres) during install
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 327843 | Strange default MySQL administrator username (postgres) during install | moodle (Ubuntu) | Undecided | Fix Released | ||
Bug #334611: Feature Freeze Exception: moodle 1.9.4-0ubuntu1
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 334611 | Feature Freeze Exception: moodle 1.9.4-0ubuntu1 | moodle (Ubuntu) | Undecided | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
