| Description: | Users with capability to grade in Lesson module were not reported as users with XSS risk but their feedback was displayed without cleaning |
| Issue summary: | mod/lesson:grade capability missing RISK_XSS but essay feedback is displayed with noclean=true |
| Severity/Risk: | Minor |
| Versions affected: | 2.8 to 2.8.1 |
| Versions fixed: | 2.8.2 |
| Reported by: | Damyon Wiese |
| Issue no.: | MDL-48034 |
| CVE identifier: | CVE-2015-0216 |
| Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48034 |
MSA-15-0006: Capability to grade Lesson module is missing XSS bitmask
by Marina Glancy -
Number of replies: 0