Security Announcements

 
 
Picture of Helen Foster
MSA-11-0003: Cross-site scripting vulnerability in tag autocomplete
 
Topic: Cross-site scripting vulnerability in tag autocomplete
Severity: Major
Versions affected: <1.9.11 and <2.0.2
Reported by: gose
Issue no.: MDL-25754
Solution: Upgrade to latest version
Workaround: Delete /tag/tag_autocomplete.php file

Description:

Missing tag validation could allow an attacker to conduct a cross-site scripting attack.