Security Announcements

MSA-11-0011: Multiple cross-site scripting problems in media filter

 
 
Picture of Helen Foster
MSA-11-0011: Multiple cross-site scripting problems in media filter
 
Topic: Multiple cross-site scripting problems in media filter
Severity: Major
Versions affected: <1.9.11 and <2.0.2
Reported by: Internal code review
Issue no.: MDL-26030
Solution: Upgrade to latest version
Workaround: Disable media filter

Description:

Incorrect text escaping in media filter could allow authenticated users to launch cross-site scripting attacks.