Topic: | Missing input validation in logs allows potential XSS attacks |
Severity: | Major |
Versions affected: | < 1.9.4, < 1.8.8, < 1.7.7, < 1.6.9 |
Reported by: | Full Name |
Issue no.: | MDL-17799, CVE-2009-0500 |
Solution: | update to latest releases, weeklies or http://cvs.moodle.org/moodle/course/lib.php?r1=1.538.2.66&r2=1.538.2.67 |
Description:
Some information stored in log table was not properly validated before displaying on log report.