cancel
Showing results for 
Search instead for 
Did you mean: 

2014-11-07 Instructure Advisory IAC31137 - Multiple stored XSS vulnerabilities

jordan
Community Champion
0 0 273

    SECURITY UPDATE

Canvas + Logo transparent (WHITE)- 300px.png

  Release Date:2014-11-07  (Last update can be found below the document title)
  Description:Multiple stored XSS vulnerabilities
  Criticality Level:Moderately Critical ( Less Critical < Critical < Moderately Critical < Highly Critical )
  Impact:Insertion of arbitrary HTML code
  Systems Affected:Canvas LMS
  Solution Status:Patched
  Discovered By: Internal audit
  Relevant Changesets:

fix html escaping on content migrations page · instructure/canvas-lms@08761ca · GitHub


Summary:

               During a routine security audit of the Canvas code base and platform, a number of cross site scripting vulnerabilities were identified. Once identified and                confirmed, these vulnerabilities were patched by the Instructure engineering team.

Status:

All systems were patched as of 15:32 MT on 11/6/2014


Labels