Security announcements

MSA-10-0001: Vulnerability in KSES text cleaning

 
Picture of Petr Skoda
MSA-10-0001: Vulnerability in KSES text cleaning
 
Topic: Vulnerability in KSES text cleaning
Severity/Risk: Major
Versions affected: <1.8.12 and <1.9.8
Reported by: Sam Marshall
Issue no.: MDL-21026
Solution: upgrade to 1.8.12 or 1.9.8
Workaround: apply patch http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.1349&r2=1.1350


Description:
Sam Marshall discovered a serious vulnerability in the KSES html text cleaning library that Moodle includes, please upgrade all sites in order to prevent XSS attacks from any registered user.