Topic: Potential XSS: editsection.html print values directly from data_submitted()
Severity: Minor
Versions affected: < 1.9.14 (2.x not affected)
Reported by: Aaron Barnes
Issue no.: MDL-28722
Solution: upgrade to 1.9.14
Changes (1.9): http://git.moodle.org/gw?p=moodle.git;a=commit;h=4a2acd8c7e6c869d5fd5aa686e6e0a3f20c97f15
Description:
Course section editing form data was being used without being filtered, which could be exploited by an injection attack.
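
The pattern described above, as an added example that is not Moodle's code and does not reproduce the linked commit: a form template that prints submitted values directly, next to a version that type-checks and encodes them. The field names `id` and `summary`, both render functions, and the sample input are assumptions constructed for illustration.

```php
<?php
// Added illustration: hypothetical stand-in for a section edit form template.
// Field names (id, summary) and both function names are assumptions.

// Unfiltered pattern: submitted values are printed straight into the markup.
function render_unfiltered(array $form): string {
    return '<input type="hidden" name="id" value="' . $form['id'] . '" />' . "\n"
         . '<textarea name="summary">' . $form['summary'] . '</textarea>';
}

// Filtered pattern: validate what has a type, encode everything on output.
function render_filtered(array $form): string {
    // The section id is an integer; anything else is rejected outright.
    $id = filter_var($form['id'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('section id must be an integer');
    }
    // Free text is HTML-encoded, quotes included, so it cannot close the
    // attribute or the textarea element it is printed into.
    $summary = htmlspecialchars((string)($form['summary'] ?? ''), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="id" value="' . $id . '" />' . "\n"
         . '<textarea name="summary">' . $summary . '</textarea>';
}

// Constructed sample input: a summary that closes the textarea early.
$submitted = [
    'id'      => '12',
    'summary' => '</textarea><b>injected markup</b>',
];

// Unfiltered output: the <b> element lands outside the textarea as live markup.
echo render_unfiltered($submitted), "\n\n";

// Filtered output: the same text stays inside the textarea as &lt;/textarea&gt;...
echo render_filtered($submitted), "\n\n";

// Constructed sample input: an id that tries to break out of the attribute.
try {
    render_filtered(['id' => '12" title="injected', 'summary' => '']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```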