5 matches found
Moodle Cross-site Scripting vulnerability
In Moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk...
Fedora 20 : moodle-2.5.6-1.fc20 (2014-6585)
Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws: CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment; CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile; CVE-2014-0215 MSA-14-0016: Anonymous...
Fedora 19 : moodle-2.4.10-1.fc19 (2014-6577)
Moodle upstream has released versions 2.7, 2.6.3, 2.5.6, and 2.4.10 to fix the following security flaws: CVE-2014-0213 MSA-14-0014: Cross-site request forgery possible in Assignment; CVE-2014-0214 MSA-14-0015: Web service token expiry issue for MoodleMobile; CVE-2014-0215 MSA-14-0016: Anonymous...
CVE-2014-0214
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack...
Code injection
login/token.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 creates a MoodleMobile web-service token with an infinite lifetime, which makes it easier for remote attackers to hijack sessions via a brute-force attack...