What is the severity of CVE-2013-1833?

CVE-2013-1833 has a medium severity rating due to its potential for XSS attacks.

How do I fix CVE-2013-1833?

To fix CVE-2013-1833, upgrade to Moodle versions 2.2.8, 2.3.5, or 2.4.2 or later.

Who is affected by CVE-2013-1833?

CVE-2013-1833 affects Moodle versions ranging from 2.0.0 through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2.

What type of vulnerability is CVE-2013-1833?

CVE-2013-1833 is classified as a cross-site scripting (XSS) vulnerability.

Can CVE-2013-1833 be exploited by unauthenticated users?

No, CVE-2013-1833 can only be exploited by remote authenticated users.

Vulnerability/
CVE-2013-1833

low

3.5

CWE

25/3/2013

13/5/2022

6/8/2024

CVE-2013-1833: XSS

First published: Mon Mar 25 2013(Updated: )

Multiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
composer/moodle/moodle	>=2.0.0<=2.1.10
composer/moodle/moodle	>=2.4.0<2.4.2	2.4.2
composer/moodle/moodle	>=2.3.0<2.3.5	2.3.5
composer/moodle/moodle	>=2.2.0<2.2.8	2.2.8
Moodle	=2.0.0
Moodle	=2.0.1
Moodle	=2.0.2
Moodle	=2.0.3
Moodle	=2.0.4
Moodle	=2.0.5
Moodle	=2.0.6
Moodle	=2.0.7
Moodle	=2.0.8
Moodle	=2.0.9
Moodle	=2.1.0
Moodle	=2.1.1
Moodle	=2.1.2
Moodle	=2.1.3
Moodle	=2.1.4
Moodle	=2.1.5
Moodle	=2.1.6
Moodle	=2.1.7
Moodle	=2.1.8
Moodle	=2.1.9
Moodle	=2.1.10
Moodle	=2.2.0
Moodle	=2.2.1
Moodle	=2.2.2
Moodle	=2.2.3
Moodle	=2.2.4
Moodle	=2.2.5
Moodle	=2.2.6
Moodle	=2.2.7
Moodle	=2.3.0
Moodle	=2.3.1
Moodle	=2.3.2
Moodle	=2.3.3
Moodle	=2.3.4
Moodle	=2.4.0
Moodle	=2.4.1

Remedy

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-1833?
CVE-2013-1833 has a medium severity rating due to its potential for XSS attacks.
How do I fix CVE-2013-1833?
To fix CVE-2013-1833, upgrade to Moodle versions 2.2.8, 2.3.5, or 2.4.2 or later.
Who is affected by CVE-2013-1833?
CVE-2013-1833 affects Moodle versions ranging from 2.0.0 through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2.
What type of vulnerability is CVE-2013-1833?
CVE-2013-1833 is classified as a cross-site scripting (XSS) vulnerability.
Can CVE-2013-1833 be exploited by unauthenticated users?
No, CVE-2013-1833 can only be exploited by remote authenticated users.

agent/author
agent/type
collector/github-advisory-latest
source/GitHub
alias/GHSA-89f3-74m6-g27g
alias/CVE-2013-1833
agent/software-canonical-lookup
agent/weakness
agent/remedy
agent/severity
agent/references
agent/description
collector/github-advisory
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/trending
agent/source
agent/tags
collector/nvd-cve
source/NVD
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/composer
vendor/moodle
canonical/moodle
version/moodle/2.0.0
version/moodle/2.0.1
version/moodle/2.0.2
version/moodle/2.0.3
version/moodle/2.0.4
version/moodle/2.0.5
version/moodle/2.0.6
version/moodle/2.0.7
version/moodle/2.0.8
version/moodle/2.0.9
version/moodle/2.1.0
version/moodle/2.1.1
version/moodle/2.1.2
version/moodle/2.1.3
version/moodle/2.1.4
version/moodle/2.1.5
version/moodle/2.1.6
version/moodle/2.1.7
version/moodle/2.1.8
version/moodle/2.1.9
version/moodle/2.1.10
version/moodle/2.2.0
version/moodle/2.2.1
version/moodle/2.2.2
version/moodle/2.2.3
version/moodle/2.2.4
version/moodle/2.2.5
version/moodle/2.2.6
version/moodle/2.2.7
version/moodle/2.3.0
version/moodle/2.3.1
version/moodle/2.3.2
version/moodle/2.3.3
version/moodle/2.3.4
version/moodle/2.4.0
version/moodle/2.4.1