Topic: | XSS vulnerabilities in /mod/lti/typessettings.php (POST parameters: lti_typename, lti_toolurl) |
Severity/Risk: | Serious |
Versions affected: | 2.3, 2.2 to 2.2.3+ |
Reported by: | Dan Poltawski |
Issue no.: | MDL-31692 |
CVE Identifier: |
CVE-2012-3389 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31692 |
Description:
Parameters used by the LTI (External tool) module were not being sufficiently cleaned.