Uploaded image for project: 'Moodle'
  1. Moodle
  2. MDL-53237

Sanitise input in authentication module

XMLWordPrintable

    • Icon: Improvement Improvement
    • Resolution: Fixed
    • Icon: Minor Minor
    • None
    • 3.1, 3.3
    • Authentication
    • MOODLE_31_STABLE, MOODLE_33_STABLE
    • Easy

      Authentication plugins do not properly sanitise the inputs for fields. So you are able to insert scripts etc. Only users with the capability moodle/site:config which has XSS risk anyway can access it so it is only really a usability concern, as it may confused admins in some cases

      Originally reported by S3curityB3ast at MDL-53109 MDL-53134

            Unassigned Unassigned
            johno John Okely
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved:

                Error rendering 'clockify-timesheets-time-tracking-reports:timer-sidebar'. Please contact your Jira administrators.