Security Announcements

 
 
Picture of Helen Foster
MSA-10-0012: KSES Security Filter Bypassing vulnerability
 
Topic: KSES Security Filter Bypassing vulnerability
Severity/Risk: Critical
Versions affected: <1.8.13 and <1.9.9
Reported by: Sascha Herzog
Issue no.: MDL-22042
Solution: upgrade to 1.8.13 or 1.9.9
Workaround: apply patch
http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115
http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172


Description:
Sascha Herzog reported a critical vulnerability in KSES text cleaning filter may allows registered users to launch persistent cross-site scripting (XSS) attacks.