Security Announcements

 
 
Picture of Helen Foster
MSA-10-0011: Cross Site Scripting vulnerability in blog/index.php
 
Topic: Cross Site Scripting vulnerability in blog/index.php
Severity/Risk: Critical
Versions affected: <1.8.13 and <1.9.9
Reported by: Emmanuel Bouillon
Issue no.: MDL-22631
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch or disable blogs
http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21
http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10


Description:
Some parameters were not being properly cleaned on the blog index page, allowing non-persistent cross-site scripting (XSS) attacks.