Topic: | HTML/JS Injection possible in repository names |
Severity/Risk: | Minor |
Versions affected: | 2.2 to 2.2.3+, 2.1 to 2.1.6+ |
Reported by: | Daniel Compton |
Issue no.: | MDL-33808 |
CVE Identifier: |
CVE-2012-3393 |
Changes (2.2): | http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808 |
Description:
The administration setting that allowed renaming of repositories was not being filtered.