Security Announcements

MSA-14-0031: Cross-site scripting though scheduled task error messages

 
 
My ugly mug
MSA-14-0031: Cross-site scripting though scheduled task error messages
 
Description: Error messages generated by scheduled tasks were being presented to admins without correct filtering.
Issue summary: XSS in scheduled tasks success/error message
Severity/Risk: Serious
Versions affected: 2.7
Versions fixed: 2.7.1
Reported by: Skylar Kelty
Issue no.: MDL-46227
CVE identifier: CVE-2014-3550
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-46227