| Topic: | Multiple cross-site scripting problems in media filter |
| Severity: | Major |
| Versions affected: | <1.9.11 and <2.0.2 |
| Reported by: | Internal code review |
| Issue no.: | MDL-26030 |
| Solution: | Upgrade to latest version |
| Workaround: | Disable media filter |
Description:
Incorrect text escaping in media filter could allow authenticated users to launch cross-site scripting attacks.