Moodle · Moodle · CVE-2013-4523
**Name of the Vulnerable Software and Affected Versions**
Moodle versions prior to 2.2.11
Moodle versions 2.3.x prior to 2.3.10
Moodle versions 2.4.x prior to 2.4.7
Moodle versions 2.5.x prior to 2.5.3
**Description**
The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted message, which is a result of a cross-site scripting (XSS) vulnerability in message/lib.php.
**Recommendations**
For versions prior to 2.2.11, update to version 2.2.11 or later.
For versions 2.3.x prior to 2.3.10, update to version 2.3.10 or later.
For versions 2.4.x prior to 2.4.7, update to version 2.4.7 or later.
For versions 2.5.x prior to 2.5.3, update to version 2.5.3 or later.