|Release Date:||2014-06-10 (Last update can be found below the document title)|
|Description:||SpeedGrader XSS vulnerability|
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Impact:||Insertion of arbitrary HTML code|
|Systems Affected:||Canvas LMS|
|Discovered By:||Customer reported and internal audit|
A bug in HTML validation code allowed for the insertion of arbitrary HTML code into the Canvas application.
Fixed in Canvas Cloud as of 6/10/2014. Users of Canvas CV are encouraged to either update to the most recent stable code or apply the patch manually.