CVE-2013-4523

Name of the Vulnerable Software and Affected Versions Moodle versions prior to 2.2.11 Moodle versions 2.3.x prior to 2.3.10 Moodle versions 2.4.x prior to 2.4.7 Moodle versions 2.5.x prior to 2.5.3

Description The issue allows remote authenticated users to inject arbitrary web script or HTML via a crafted message, which is a result of a cross-site scripting (XSS) vulnerability in message/lib.php.

Recommendations For versions prior to 2.2.11, update to version 2.2.11 or later. For versions 2.3.x prior to 2.3.10, update to version 2.3.10 or later. For versions 2.4.x prior to 2.4.7, update to version 2.4.7 or later. For versions 2.5.x prior to 2.5.3, update to version 2.5.3 or later.