|Topic:||Potential Cross Site Request Forgery in Quiz reports|
|Versions affected:||<1.8.13 and <1.9.9|
|Reported by:||Petr Skoda|
|Solution:||upgrade to 1.8.13 or 1.9.9|
|Workaround:|| apply patch
Only limited validation was being done for one of the parameters, allowing unauthorised deletion of attempts in some instances.