[#MDL-9495] xss when adding a new course - Moodle Tracker

Details

Type: Bug
Status: Closed
Priority: Minor
Resolution: Not a bug
Affects Version/s: 1.8
Fix Version/s: None
Component/s: Administration
Labels:
None
Environment:
mamp

Affected Branches:
MOODLE_18_STABLE

Description

When adding a new course it is possible to inject XSS. This will be triggered visiting the site index.

Activity

All
Comments
History
Activity
Source
Test Sessions

Hide

Permalink

Petr Škoda (skodak) added a comment - 23/Apr/07 4:20 AM

This is a feature - teacher submitted data is not filtered, they would not be able to do much with filtering everywhere.

Show

Petr Škoda (skodak) added a comment - 23/Apr/07 4:20 AM This is a feature - teacher submitted data is not filtered, they would not be able to do much with filtering everywhere.

People

Assignee:

Petr Škoda (skodak)

Reporter:

Hans Wolters

Tester:

Nobody

Participants:

Hans Wolters, Petr Škoda (skodak)

Vote (0)

Watch (0)

Dates

Created:

23/Apr/07 4:15 AM

Updated:

17/Dec/10 1:41 PM

Resolved:

23/Apr/07 4:20 AM