|Topic:||Cross-site scripting vulnerability in course tags|
|Versions affected:||<2.0.2 (1.9.x not affected)|
|Reported by:||Internal code review|
|Solution:||Upgrade to latest version|
We have discovered a missing parameter validation in course tag code, this could allow attacker to launch cross-site scripting attack.