| Topic: | XSS in Wiki comments |
| Severity: | Serious |
| Versions affected: | < 2.1.2, < 2.0.5 (1.9.x not affected) |
| Reported by: | Petr Škoda |
| Issue no.: | MDL-28726 |
| Solution: | upgrade to latest version |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=a459fd90625ae44d7b3ac10b65da2dc631a418e7 |
Description:
The result of wiki parsers was not cleaned, which could be discovered and exploited especially when combined with CSRF.