by Marina Glancy.
|Description:||HTML injection with potential XSS attack was possible by modifying URL for assignment submission and tricking another user into following it|
|Issue summary:||XSS in assignment submission page|
|Versions affected:||3.2 and 3.1 to 3.1.3|
|Versions fixed:||3.2.1 and 3.1.4 (also backported to 2.7.18 and 3.0.8 as a precaution)|
|Reported by:||Ago Luberg and Wael AbuSeada|