| Topic: | XSS bug in blog/index.php in IE |
| Severity/Risk: | Serious |
| Versions affected: | 1.9 to 1.9.17+ |
| Reported by: | Simon Coggins |
| Issue no.: | MDL-31745 |
|
CVE Identifier: |
CVE-2012-2362 |
| Changes (1.9): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8 |
Description:
Parameters sent to the Blog module were not sufficiently filtered. This allowed the potential for cross-site scripting in IE.