MSA-17-0004: XSS in assignment submission page

by Marina Glancy.  

Description:HTML injection with potential XSS attack was possible by modifying URL for assignment submission and tricking another user into following it
Issue summary:XSS in assignment submission page
Versions affected:3.2 and 3.1 to 3.1.3
Versions fixed:3.2.1 and 3.1.4 (also backported to 2.7.18 and 3.0.8 as a precaution)
Reported by:Ago Luberg and Wael AbuSeada
Issue no.:MDL-57580
CVE identifier:CVE-2017-2578
Changes (master):

Read more