Moodle in English: BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

Home

BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...

◄ Government authentication requirement question
Prevent Teacher Role from Downloading Backup Zip Files ►

This discussion has been locked so you can no longer reply to it.

Re: BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...

by Howard Miller - Thursday, 10 June 2010, 6:54 PM

The language selection isn't standard. They won't have any parameter cleaning for the language I would imagine. So, the language drop down can be replaced by the iframe.

A valuable lesson :D

Average of ratings: -

◄ Government authentication requirement question
Prevent Teacher Role from Downloading Backup Zip Files ►

Security and privacy

BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...

Re: BP Uses Moodle and (unfortunately) expose themselves to an "XSS based iFrame injection"...

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world