|Release Date:||2013-04-01 (Last update can be found below the document title)|
|Description:||XSS Attack Vulnerability|
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
Exposure of Sensitive Information
Cross Site Scripting
|Systems Affected:||Canvas LMS|
|Discovered By:||Kamil Sevi @kamilsevi|
A cross-site scripting vulnerability was reported by a third party. This vulnerability could potentially allow an attacker to steal the private information of a user logged in to Canvas.
Fixed in Canvas Cloud. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.