Topic: | Cross-site scripting vulnerability in course tags |
Severity: | Major |
Versions affected: | <2.0.2 (1.9.x not affected) |
Reported by: | Internal code review |
Issue no.: | MDL-26196 |
Solution: | Upgrade to latest version |
Workaround: | Disable tags |
Description:
We have discovered a missing parameter validation in course tag code, this could allow attacker to launch cross-site scripting attack.