Topic: | Cross-site scripting vulnerability in tag autocomplete |
Severity: | Major |
Versions affected: | <1.9.11 and <2.0.2 |
Reported by: | gose |
Issue no.: | MDL-25754 |
Solution: | Upgrade to latest version |
Workaround: | Delete /tag/tag_autocomplete.php file |
Description:
Missing tag validation could allow an attacker to conduct a cross-site scripting attack.