Description
In Moodle before 2.8.7, phishing is possible when redirecting to external
site using referer headers in error messages (CVE-2015-3272).
In Moodle before 2.8.7, several web services returning user information
did not clean text in text custom profile fields, leading to possible XSS
(CVE-2015-3274).
In Moodle before 2.8.7, possible Javascript injection was discovered in
the SCORM module (CVE-2015-3275).
As Moodle 2.6 is no longer supported, users of this package on Mageia 4
are advised to migrate to Mageia 5.