2014-11-07 Instructure Advisory IAC31137 - Multiple stored XSS vulnerabilities

jordan
Instructure Alumni

    SECURITY UPDATE


  Release Date: 2014-11-07 (Last update can be found below the document title)
  Description:

Multiple cross-site scripting vulnerabilities were discovered within the Canvas codebase during a routine security audit. These vulnerabilities could allow for the insertion and storage of arbitrary HTML code into the Canvas application.

  Criticality Level: Moderately Critical (Less Critical < Critical < Moderately Critical < Highly Critical)
  Impact: Insertion of arbitrary HTML code
  Systems Affected: Canvas LMS
  Solution Status: Patched
  Discovered By: Internal audit
  Relevant Changesets:

fix html escaping on content migrations page · instructure/canvas-lms@08761ca · GitHub 


Summary:

During a routine security audit of the Canvas codebase and platform, a number of cross-site scripting vulnerabilities were identified. Once identified and confirmed, these vulnerabilities were patched by the Instructure engineering team.

Status:

All systems were patched as of 15:32 MT on 11/6/2014.