Details
-
Type:
Bug
-
Status: Closed
-
Priority:
Minor
-
Resolution: Fixed
-
Affects Version/s: 3.9
-
Fix Version/s: 3.9.1
-
Component/s: Content bank
-
Sprint:Moppies Kanban
Description
https://qa.moodledemo.net/contentbank/index.php?contextid=25%27%22%3Cb%3E&statusmsg=Custom%20Text
The statusmsg is safe from any javascript attack but a student could send this link to a teacher to trick him (link to phishing for exemple) with an official looking statement. Message text should be hardcoded.
Attachments
Issue Links
- Testing discovered
-
MDL-69089 Content bank allows empty names
-
- Closed
-