Moodle.org: MSA-11-0007: Cross-site scripting vulnerability in course tags | Moodle.org

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

MSA-11-0007: Cross-site scripting vulnerability in course tags

◄ MSA-11-0006: Cross-site request forgery and missing access control in course completion
MSA-11-0008: IMS enterprise enrolment file may disclose sensitive information ►

Topic:	Cross-site scripting vulnerability in course tags
Severity:	Major
Versions affected:	<2.0.2 (1.9.x not affected)
Reported by:	Internal code review
Issue no.:	MDL-26196
Solution:	Upgrade to latest version
Workaround:	Disable tags

Description:

We have discovered a missing parameter validation in course tag code, this could allow attacker to launch cross-site scripting attack.

◄ MSA-11-0006: Cross-site request forgery and missing access control in course completion
MSA-11-0008: IMS enterprise enrolment file may disclose sensitive information ►