Security announcements

MSA-17-0008: XSS in evidence of prior learning

 
Picture of Marina Glancy
MSA-17-0008: XSS in evidence of prior learning
 
Description: Registered user could submit evidence of prior learning that includes XSS that will be executed for another user who tried to edit the same evidence
Issue summary: XSS in evidence of prior learning
Severity/Risk: Minor
Versions affected: 3.2 to 3.2.1 and 3.1 to 3.1.4
Versions fixed: 3.2.2 and 3.1.5
Reported by: Jaymark Pestaño
Issue no.: MDL-57596
CVE identifier: CVE-2017-2644
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57596