Security Announcements

 
 
Picture of Helen Foster
MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface
 
Topic: Persistent Cross Site Scripting vulnerability in the MNET access control interface
Severity/Risk: Minor
Versions affected: <1.8.13 and <1.9.9
Reported by: Sascha Herzog
Issue no.: MDL-22040
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: disable MNET or uncheck Allow extended characters in usernames


Description:
Sasha Herzog reported a cross site scripting vulnerability in the MNET access control interface when server allows extended characters in usernames.