| Topic: | Vulnerability in KSES text cleaning |
| Severity/Risk: | Major |
| Versions affected: | <1.8.12 and <1.9.8 |
| Reported by: | Sam Marshall |
| Issue no.: | MDL-21026 |
| Solution: | upgrade to 1.8.12 or 1.9.8 |
| Workaround: | apply patch http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.1349&r2=1.1350 |
Description:
Sam Marshall discovered a serious vulnerability in the KSES html text cleaning library that Moodle includes, please upgrade all sites in order to prevent XSS attacks from any registered user.