Security Announcements

MSA-14-0030: Cross-site scripting through logs of failed logins

 
 
My ugly mug
MSA-14-0030: Cross-site scripting through logs of failed logins
 
Description: Log entries of failed login attempts were not filtered correctly.
Issue summary: XSS in 'failed login' logs
Severity/Risk: Serious
Versions affected: 2.7
Versions fixed: 2.7.1
Reported by: Skylar Kelty
Issue no.: MDL-46201
CVE identifier: CVE-2014-3549
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46201