| Release Date: | 2012-04-17 (Last update can be found below the document title) |
| Description: | XSS Attack Vulnerabilities |
| Criticality Level: | Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical ) |
| Systems Affected: | Canvas LMS |
| Discovered By: | Neal Poole and Nathan Partlan |

Multiple cross-site scripting and open redirect vulnerabilities were discovered and reported by an independent audit. These vulnerabilities could allow an attacker to steal the private information of a user logged in to Canvas.

These vulnerabilities are fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patches manually. Users of Canvas CV are also encouraged to verify that they have a files_domain configured in domain.yml.
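
One way to run the files_domain check recommended above, as an added example that is not part of the original advisory or Canvas's own code. It assumes domain.yml is keyed by Rails environment with `domain` and `files_domain` entries; the function names, sample configs and hostnames are constructed for illustration.

```ruby
require "yaml"

# Constructed sample configs; hostnames are placeholders, not real deployments.
SAMPLE_MISSING = <<~YAML
  production:
    domain: "canvas.example.edu"
YAML

SAMPLE_SAME = <<~YAML
  production:
    domain: "canvas.example.edu"
    files_domain: "Canvas.example.edu:443"
YAML

SAMPLE_OK = <<~YAML
  production:
    domain: "canvas.example.edu"
    files_domain: "canvasfiles.example.edu"
YAML

# Normalise "Host:port" to a bare lowercase hostname for comparison.
def bare_host(value)
  value.to_s.strip.downcase.sub(/:\d+\z/, "")
end

# Returns a list of problems found for one environment (empty list = OK).
def files_domain_problems(yaml_text, env = "production")
  config = YAML.safe_load(yaml_text, aliases: true)
  section = config.is_a?(Hash) ? config[env] : nil
  return ["no '#{env}' section"] unless section.is_a?(Hash)

  files = bare_host(section["files_domain"])
  return ["files_domain is not set"] if files.empty?

  problems = []
  # Assumption: files_domain is meant to be a different host from the main one.
  if files == bare_host(section["domain"])
    problems << "files_domain is the same host as domain"
  end
  problems
end

# Usage: ruby check_files_domain.rb config/domain.yml
if __FILE__ == $PROGRAM_NAME && ARGV[0]
  problems = files_domain_problems(File.read(ARGV[0]))
  problems.each { |p| warn "domain.yml: #{p}" }
  exit(problems.empty? ? 0 : 1)
end
```

The script exits non-zero when the production section is missing, has no files_domain, or reuses the main hostname, so it can gate a deployment step.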