Security Announcements

 
 
Picture of Helen Foster
MSA-11-0002: Cross-site request forgery vulnerability in RSS block
 
Topic: Cross-site request forgery in RSS block
Severity: Major
Versions affected: <1.9.11 (2.0.x not vulnerable)
Reported by: Dan Poltawski
Issue no.: MDL-18839
Solution: Upgrade to 1.9.11
Workaround: Delete the RSS feeds block

Description:

This vulnerability could allow an attacker to manipulate RSS feeds used in an RSS block.