Moodle.org: MSA-10-0012: KSES Security Filter Bypassing vulnerability

Topic:	KSES Security Filter Bypassing vulnerability
Severity/Risk:	Critical
Versions affected:	<1.8.13 and <1.9.9
Reported by:	Sascha Herzog
Issue no.:	MDL-22042
Solution:	upgrade to 1.8.13 or 1.9.9
Workaround:	apply patch http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115 http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172

Description:
Sascha Herzog reported a critical vulnerability in KSES text cleaning filter may allows registered users to launch persistent cross-site scripting (XSS) attacks.

Security announcements

MSA-10-0012: KSES Security Filter Bypassing vulnerability

MSA-10-0012: KSES Security Filter Bypassing vulnerability

Empowering educators to improve our world

Moodle

Support

Get Involved

Contributions

Downloads

Tracker

Development

Empowering educators to improve our world