Description: | Moodle traditionally trusted content from external DB however it was decided that external datasources may not be aware of web security practices and data could cause problems after importing to Moodle |
Issue summary: | XSS from profile fields from external db |
Severity/Risk: | Minor |
Versions affected: | 3.0 to 3.0.2, 2.9 to 2.9.4, 2.8 to 2.8.10, 2.7 to 2.7.12 and earlier unsupported versions |
Versions fixed: | 3.0.3, 2.9.5, 2.8.11 and 2.7.13 |
Reported by: | Jay Knight |
Issue no.: | MDL-50705 |
CVE identifier: | CVE-2016-2152 |
Changes (master): | http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50705 |