Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507
lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html
lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html
openwall.com/lists/oss-security/2013/03/25/2
github.com/moodle/moodle
github.com/moodle/moodle/commit/75822af579ec07cca1c6781a7c989625dcdd5463
github.com/moodle/moodle/commit/93e9ea9989ec6e91153d9651c9a4bc7dac1cf9ce
github.com/moodle/moodle/commit/954b35451112c333c0ae77dff25dafbf41587c26
github.com/moodle/moodle/commit/ca2a7956b2957d8495e154409694d205bb4ae3ef
moodle.org/mod/forum/discuss.php?d=225344
nvd.nist.gov/vuln/detail/CVE-2013-1833