experiment 5

Owned by Former user (Deleted)
Last updated: Aug 07, 2010Version comment
2 min read

rSMART CLE

DESCRIPTION

CLE-4438
CLE-4759
CLE-6025
CLE-6026
CLE-6027
CLE-6028
CLE-6029
CLE-6030
CLE-6031
CLE-6032
CLE-6033
CLE-6034
CLE-6035
CLE-6039
CLE-6040
CLE-6041
CLE-6024
CLE-6043
CLE-6044
CLE-6045
CLE-6046
CLE-6047
CLE-6049
CLE-6050
CLE-6051
CLE-6052
CLE-6063

add irubric integration
 Implement the Full Screen editor AND the preview button in FCK in Sakai
Security: Students can delete syllabus attachments (file, link, and Resource types) by directly accessing the corresponding syllabus edit interfaces
Security: Title of citation list is open to XSS attack
merge fro XSS attack possible in Site Information Display
merge Security: Insure that the /portal/tool url checks functions.require before allowing access to the Tool
 merge for Security: editing a file using webDAV silently changes group access to a file
Security: XSS attack possible via blogs
Security: XSS attack via folder names in messages
Security: Announcements/MOTD RSS Alias trusts input
Security: HTTP response splitting found by static code review
Security: XSS attack in rwiki
Security: Anon user can create a new user with a specific id
Security: Possible to find admin user ids
Security: A student can upload attachments to the site via the Syllabus, Assignments, and Announcements sections
Security: student can view the grades of other students in Gradebook via the studentView bean
Security: UserdirectoryService allows any user to edit their Eid, merge from sakai
Security: SQL Injection possible in user membership search
Security: loading unreasonably large spreadsheet hangs sakai
Security: XSS attack possible in Assignments
Security: A student can view the submissions, submission attachments, and grades (when released) of other students if the submission ID is known.
Security: Students can change options for announcement view globally for all users
Security: Importing a gradebook, exposes gradebook to an XSS attack via the import text files text title.
Security: email attachments are publicly accessible
Security: A student can view statistics for the Forums
Security; XSS through Forums title and description when deleting
 import gradebook2 1.3.0-rc1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Â