MSA-17-0009: XSS in attachments to evidence of prior learning

MSA-17-0009: XSS in attachments to evidence of prior learning

על ידי Marina Glancy בתאריך
מספר תגובות: 0
Description: Serving files attached to evidence of prior learning did not force download. When viewed by other users they would be opened in current moodle sessions
Issue summary: XSS in attachments to evidence of prior learning
Severity/Risk: Serious
Versions affected: 3.2 to 3.2.1 and 3.1 to 3.1.4
Versions fixed: 3.2.2 and 3.1.5
Reported by: wez3
Issue no.: MDL-57597
CVE identifier: CVE-2017-2645
Changes (master):