| Topic: | Cross Site Scripting vulnerability in blog/index.php |
| Severity/Risk: | Critical |
| Versions affected: | <1.8.13 and <1.9.9 |
| Reported by: | Emmanuel Bouillon |
| Issue no.: | MDL-22631 |
| Solution: | upgrade to 1.8.13 or 1.9.9 |
| Workaround: | apply patch or disable blogs http://cvs.moodle.org/moodle/blog/lib.php?r1=1.80.2.20&r2=1.80.2.21 http://cvs.moodle.org/moodle/blog/lib.php?r1=1.62.2.9&r2=1.62.2.10 |
Description:
Some parameters were not being properly cleaned on the blog index page, allowing non-persistent cross-site scripting (XSS) attacks.