Topic: | Persistent Cross Site Scripting vulnerability in the MNET access control interface |
Severity/Risk: | Minor |
Versions affected: | <1.8.13 and <1.9.9 |
Reported by: | Sascha Herzog |
Issue no.: | MDL-22040 |
Solution: | upgrade to 1.8.13 or 1.9.9 |
Workaround: | disable MNET or uncheck Allow extended characters in usernames |
Description:
Sasha Herzog reported a cross site scripting vulnerability in the MNET access control interface when server allows extended characters in usernames.