Security announcements

MSA-17-0004: XSS in assignment submission page

 
Picture of Marina Glancy
MSA-17-0004: XSS in assignment submission page
 
Description: HTML injection with potential XSS attack was possible by modifying URL for assignment submission and tricking another user into following it
Issue summary: XSS in assignment submission page
Severity/Risk: Minor
Versions affected: 3.2 and 3.1 to 3.1.3
Versions fixed: 3.2.1 and 3.1.4 (also backported to 2.7.18 and 3.0.8 as a precaution)
Reported by: Ago Luberg and Wael AbuSeada
Issue no.: MDL-57580
CVE identifier: CVE-2017-2578
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57580