Topic: | KSES Security Filter Bypassing vulnerability |
Severity/Risk: | Critical |
Versions affected: | <1.8.13 and <1.9.9 |
Reported by: | Sascha Herzog |
Issue no.: | MDL-22042 |
Solution: | upgrade to 1.8.13 or 1.9.9 |
Workaround: | apply patch http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.812.2.114&r2=1.812.2.115 http://cvs.moodle.org/moodle/lib/weblib.php?r1=1.970.2.171&r2=1.970.2.172 |
Description:
Sascha Herzog reported a critical vulnerability in KSES text cleaning filter may allows registered users to launch persistent cross-site scripting (XSS) attacks.