Moodle · Moodle · CVE-2013-2244
**Name of the Vulnerable Software and Affected Versions**
Moodle versions 2.4.x through 2.4.4
Moodle versions 2.5.x through 2.5.0
**Description**
The issue allows remote attackers to inject arbitrary web script or HTML via the conditional access rule value of a `user field`. This is due to multiple cross-site scripting (XSS) vulnerabilities in `lib/conditionlib.php`.
**Recommendations**
For Moodle versions 2.4.x through 2.4.4, update to version 2.4.5 or later.
For Moodle versions 2.5.x through 2.5.0, update to version 2.5.1 or later.