Topic: | Multiple cross-site scripting problems in media filter |
Severity: | Major |
Versions affected: | <1.9.11 and <2.0.2 |
Reported by: | Internal code review |
Issue no.: | MDL-26030 |
Solution: | Upgrade to latest version |
Workaround: | Disable media filter |
Description:
Incorrect text escaping in media filter could allow authenticated users to launch cross-site scripting attacks.