Moodle.org: MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface

Forums
Documentation
Downloads
Demo
Tracker
Development
Translation
Search

Search
Moodle Sites

Moodle.org

MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface

◄ MSA-10-0009: Session fixation prevention now turned on by default
MSA-10-0011: Cross Site Scripting vulnerability in blog/index.php ►

MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface

by Helen Foster - Thursday, 17 June 2010, 6:16 PM

Topic:	Persistent Cross Site Scripting vulnerability in the MNET access control interface
Severity/Risk:	Minor
Versions affected:	<1.8.13 and <1.9.9
Reported by:	Sascha Herzog
Issue no.:	MDL-22040
Solution:	upgrade to 1.8.13 or 1.9.9
Workaround:	disable MNET or uncheck Allow extended characters in usernames

Description:
Sasha Herzog reported a cross site scripting vulnerability in the MNET access control interface when server allows extended characters in usernames.

◄ MSA-10-0009: Session fixation prevention now turned on by default
MSA-10-0011: Cross Site Scripting vulnerability in blog/index.php ►

Security announcements

MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface

MSA-10-0010: Persistent Cross Site Scripting vulnerability in the MNET access control interface

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world