| Topic: | XSS vulnerabilities in /mod/lti/typessettings.php (POST parameters: lti_typename, lti_toolurl) |
| Severity/Risk: | Serious |
| Versions affected: | 2.3, 2.2 to 2.2.3+ |
| Reported by: | Dan Poltawski |
| Issue no.: | MDL-31692 |
|
CVE Identifier: |
CVE-2012-3389 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692 |
Description:
Parameters used by the LTI (External tool) module were not being sufficiently cleaned.