Topic: | Cross-site request forgery in RSS block |
Severity: | Major |
Versions affected: | <1.9.11 (2.0.x not vulnerable) |
Reported by: | Dan Poltawski |
Issue no.: | MDL-18839 |
Solution: | Upgrade to 1.9.11 |
Workaround: | Delete the RSS feeds block |
Description:
This vulnerability could allow an attacker to manipulate RSS feeds used in an RSS block.