|Release Date:||2014-11-07 (Last update can be found below the document title)|
Multiple cross site scripting vulnerabilities were discovered within the Canvas codebase during a routine security audit. The cross site scripting vulnerabilities could allow for the insertion and storage of arbitrary HTML code into the Canvas application.
|Criticality Level:||Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )|
|Impact:||Insertion of arbitrary HTML code|
|Systems Affected:||Canvas LMS|
|Discovered By:||Internal audit|
During a routine security audit of the Canvas code base and platform, a number of cross site scripting vulnerabilities were identified. Once identified and confirmed, these vulnerabilities were patched by the Instructure engineering team.
All systems were patched as of 15:32 MT on 11/6/2014