2013-04-01 Instructure Advisory IAC64549 - XSS Attack Vulnerability

Document created by jordan@instructure.com on Sep 22, 2015Last modified by jordan@instructure.com on Sep 22, 2015
Version 2Show Document
  • View in full screen mode

    SECURITY UPDATE

Canvas + Logo transparent (WHITE)- 300px.png

 

  Release Date:2013-04-01  (Last update can be found below the document title)
  Description:XSS Attack Vulnerability
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:

Exposure of Sensitive Information

Cross Site Scripting

  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By:Kamil Sevi @kamilsevi
  Relevant Changesets:

https://github.com/instructure/canvas-lms/commit/df9162a6f404ada862fcee37743b8aba2ea53d23


 

Summary:

A cross-site scripting vulnerability was reported by a third party. This vulnerability could potentially allow an attacker to steal the private information of a user logged in to Canvas.

 

Status:

Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.

 

 


Attachments

    Outcomes