MSA-17-0004: XSS in assignment submission page

by Marina Glancy.  

Description:HTML injection with potential XSS attack was possible by modifying URL for assignment submission and tricking another user into following it
Issue summary:XSS in assignment submission page
Severity/Risk:Minor
Versions affected:3.2 and 3.1 to 3.1.3
Versions fixed:3.2.1 and 3.1.4 (also backported to 2.7.18 and 3.0.8 as a precaution)
Reported by:Ago Luberg and Wael AbuSeada
Issue no.:MDL-57580
CVE identifier:CVE-2017-2578
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-57580

Read more https://moodle.org/mod/forum/discuss.php?d=345915&parent=1395034