MSA-19-0007: Stored HTML in assignment submission comments allowed links to be opened directly

by Michael Hawkins.  

Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.


Severity/Risk:Minor
Versions affected:3.6 to 3.6.2, 3.5 to 3.5.4, 3.4 to 3.4.7, 3.1 to 3.1.16 and earlier unsupported versions
Versions fixed:3.6.3, 3.5.5, 3.4.8 and 3.1.17
Reported by:Steeven George
CVE identifier:CVE-2019-3850
Changes (master):http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64651
Tracker issue:MDL-64651 Stored HTML in assignment submission comments allowed links to be opened directly

Read more https://moodle.org/mod/forum/discuss.php?d=384013&parent=1547745