| Topic: | HTML/JS Injection possible in repository names |
| Severity/Risk: | Minor |
| Versions affected: | 2.2 to 2.2.3+, 2.1 to 2.1.6+ |
| Reported by: | Daniel Compton |
| Issue no.: | MDL-33808 |
|
CVE Identifier: |
CVE-2012-3393 |
| Changes (2.2): | http://git.moodle.org/gw?p=moodle.git&a=search&h=refs%2Fheads%2FMOODLE_22_STABLE&st=commit&s=MDL-33808 |
Description:
The administration setting that allowed renaming of repositories was not being filtered.