MSA-17-0010: External blog editing takeover

by Marina Glancy.  

User could edit somebody else's external blog link. The ownership of the blog would be changed to the current user, therefore compromising other people was not possible


...
Severity/Risk: Minor
Versions affected: 3.2 to 3.2.2, 3.1 to 3.1.5, 3.0 to 3.0.9, 2.7 to 2.7.19 and other unsupported versions
Versions fixed: 3.2.3, 3.1.6,
Read more...

MSA-17-0009: XSS in attachments to evidence of prior learning

by Marina Glancy.  

...
Description: Serving files attached to evidence of prior learning did not force download. When viewed by other users they would be opened in current Moodle sessions
Issue summary: XSS in attachments to evidence of prior learning
Severity/Risk: Serious
Versions affected: 3.2 to 3.2.1 and 3.1 to 3.1.4
Versions fixed: 3.2.2 and 3.1.5
Rep
Read more...

MSA-17-0008: XSS in evidence of prior learning

by Marina Glancy.  

...
Description: Registered user could submit evidence of prior learning that includes XSS that will be executed for another user who tried to edit the same evidence
Issue summary: XSS in evidence of prior learning
Severity/Risk: Minor
Versions affected: 3.2 to 3.2.1 and 3.1 to 3.1.4
Versions fixed: 3.2.2 and 3.1.5
Reported by: Jaymark
Read more...

MSA-17-0007: Global search displays user names for unauthenticated users

by Marina Glancy.  

...
Description: Global search does not respect "Force login for profiles" setting and displays user names to guests when it should not (User profiles were still not displayed)
Issue summary: Global search display user names, for unauthenticated user search
Severity/Risk: Minor
Versions affected: 3.2 to 3.2.1
Versions fixed: 3.2.2
Reporte
Read more...