Topic: | XSS bug in blog/index.php in IE |
Severity/Risk: | Serious |
Versions affected: | 1.9 to 1.9.17+ |
Reported by: | Simon Coggins |
Issue no.: | MDL-31745 |
CVE Identifier: |
CVE-2012-2362 |
Changes (1.9): | http://git.moodle.org/gw?p=moodle.git;a=commit;h=038131c8b5614f18c14d964dc53b6960ae6c30d8 |
Description:
Parameters sent to the Blog module were not sufficiently filtered. This allowed the potential for cross-site scripting in IE.