Common Vulnerabilities and Exposures assigned an identifier CVE-2008-0123 to the following vulnerability: Cross-site scripting (XSS) vulnerability in install.php for Moodle 1.8.3, and possibly other versions before 1.8.4, allows remote attackers to inject arbitrary web script or HTML via the dbname parameter. NOTE: this issue only exists until the installation is complete. References: http://archives.neohapsis.com/archives/fulldisclosure/2008-01/0202.html http://int21.de/cve/CVE-2008-0123-moodle.html
moodle-1.8.4-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.
moodle-1.8.4-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.
This issue was addressed in: Fedora: https://admin.fedoraproject.org/updates/F7/FEDORA-2008-0627 https://admin.fedoraproject.org/updates/F8/FEDORA-2008-0610