Red Hat Bugzilla – Bug 247528
CVE-2007-3555: moodle cross site scripting vulnerability
Last modified: 2007-11-30 17:12:10 EST
"Cross-site scripting (XSS) vulnerability in index.php in Moodle 1.7.1 allows
remote attackers to inject arbitrary web script or HTML via a style expression
in the search parameter, a different vulnerability than CVE-2004-1424."
Appears to affect 1.6.x and 1.8.x too:
Built 1.8.2 for rawhide, which addresses this. Will push to 7, etc after testing.
moodle-1.8.2-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.