{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[{"description":"Moodle 2.1 ;","product":{"name":"Moodle","vendor":{"name":"Moodle","scada":false}}},{"description":"Moodle 2.0 ;","product":{"name":"Moodle","vendor":{"name":"Moodle","scada":false}}},{"description":"Moodle 1.9 ;","product":{"name":"Moodle","vendor":{"name":"Moodle","scada":false}}},{"description":"Moodle 2.2 ;","product":{"name":"Moodle","vendor":{"name":"Moodle","scada":false}}},{"description":"Moodle 2.3.","product":{"name":"Moodle","vendor":{"name":"Moodle","scada":false}}}],"affected_systems_content":null,"content":"## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l'\u00e9diteur pour l'obtention des\ncorrectifs (cf. section Documentation).\n","cves":[{"name":"CVE-2012-3394","url":"https://www.cve.org/CVERecord?id=CVE-2012-3394"},{"name":"CVE-2012-3389","url":"https://www.cve.org/CVERecord?id=CVE-2012-3389"},{"name":"CVE-2012-3395","url":"https://www.cve.org/CVERecord?id=CVE-2012-3395"},{"name":"CVE-2012-3387","url":"https://www.cve.org/CVERecord?id=CVE-2012-3387"},{"name":"CVE-2012-3392","url":"https://www.cve.org/CVERecord?id=CVE-2012-3392"},{"name":"CVE-2012-3393","url":"https://www.cve.org/CVERecord?id=CVE-2012-3393"},{"name":"CVE-2012-3396","url":"https://www.cve.org/CVERecord?id=CVE-2012-3396"},{"name":"CVE-2012-3398","url":"https://www.cve.org/CVERecord?id=CVE-2012-3398"},{"name":"CVE-2012-3390","url":"https://www.cve.org/CVERecord?id=CVE-2012-3390"},{"name":"CVE-2012-3391","url":"https://www.cve.org/CVERecord?id=CVE-2012-3391"},{"name":"CVE-2012-3397","url":"https://www.cve.org/CVERecord?id=CVE-2012-3397"},{"name":"CVE-2012-3388","url":"https://www.cve.org/CVERecord?id=CVE-2012-3388"}],"links":[{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0046 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207152"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0044 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207150"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0041 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207147"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0039 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207145"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0048 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207154"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0049 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207155"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0043 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207149"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0045 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207151"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0047 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207153"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0042 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207148"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0040 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207146"},{"title":"Bulletin de s\u00e9curit\u00e9 Moodle MSA-12-0050 du 17 juillet 2012    :","url":"http://moodle.org/mod/forum/discuss.php?d=207156"}],"reference":"CERTA-2012-AVI-396","revisions":[{"description":"version initiale.","revision_date":"2012-07-20T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance"},{"description":"Contournement de la politique de s\u00e9curit\u00e9"}],"summary":"Douze vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9s dans <span\nclass=\"textit\">Moodle</span>. Elles permettent \u00e0 un utilisateur\nmalintentionn\u00e9 de contourner la politique de s\u00e9curit\u00e9 ou de r\u00e9aliser des\ninjections de code indirecte \u00e0 distance (<span\nclass=\"textit\">XSS</span>)\n","title":"Vuln\u00e9rabilit\u00e9s dans Moodle","vendor_advisories":[{"published_at":null,"title":"Bulletins de s\u00e9curit\u00e9 Moodle du 17 juillet","url":null}]}