Description: | Users with capability to grade in Lesson module were not reported as users with XSS risk but their feedback was displayed without cleaning |
Issue summary: | mod/lesson:grade capability missing RISK_XSS but essay feedback is displayed with noclean=true |
Severity/Risk: | Minor |
Versions affected: | 2.8 to 2.8.1 |
Versions fixed: | 2.8.2 |
Reported by: | Damyon Wiese |
Issue no.: | MDL-48034 |
CVE identifier: | CVE-2015-0216 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034 |
MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask
by Marina Glancy -
Number of replies: 0