Headline
GHSA-7rw2-3hhp-rc46: Cross-site Scripting Vulnerability in Statement Browser
Impact
A maliciously crafted xAPI statement could be used to perform script or other tag injection in the LRS Statement Browser.
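The class of defect described above, as an added example that is not code from yetanalytics/lrs and not the project's patch: it audits a parsed xAPI statement for string values containing tag-like text, and renders the statement with HTML output encoding so that such values display as text. The advisory does not say which statement fields were affected, so the function names, the tag heuristic and the sample statement are assumptions constructed for illustration.

```javascript
// Added example, not code from yetanalytics/lrs. The advisory does not name
// the affected fields, so every string value in the statement is checked.

// Escape the five characters that are significant in HTML text and attributes.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Heuristic (assumption): "<" followed by a letter, "/" or "!" looks like markup.
const TAG_LIKE = /<[a-zA-Z\/!]/;

// Walk a parsed statement and return the paths of string values that
// contain tag-like text, for review by whoever operates the LRS.
function findMarkup(value, path = '$', hits = []) {
  if (typeof value === 'string') {
    if (TAG_LIKE.test(value)) hits.push(path);
  } else if (Array.isArray(value)) {
    value.forEach((item, i) => findMarkup(item, `${path}[${i}]`, hits));
  } else if (value !== null && typeof value === 'object') {
    for (const [key, child] of Object.entries(value)) {
      findMarkup(child, `${path}.${key}`, hits);
    }
  }
  return hits;
}

// Render a statement for display: serialize first, then escape the whole
// string, so no value can open a tag in the surrounding page.
function renderStatement(statement) {
  return `<pre>${escapeHtml(JSON.stringify(statement, null, 2))}</pre>`;
}

// Constructed sample statement with harmless markup (not from the advisory).
const sample = {
  actor: { name: 'Test <b>User</b>', mbox: 'mailto:user@example.com' },
  verb: { id: 'http://example.com/verbs/viewed', display: { 'en-US': 'viewed' } },
  object: { id: 'http://example.com/activities/1',
            definition: { name: { 'en-US': '<i>Lesson 1</i>' } } },
};

console.log(findMarkup(sample));
console.log(renderStatement(sample));
```

A hit from `findMarkup` is a prompt for review, not proof of injection; the fix the advisory recommends remains upgrading to the patched versions.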
Patches
The problem is patched in version 1.2.17 of the LRS library and version 0.7.5 of SQL LRS.
Workarounds
No workarounds exist. We recommend upgrading to version 1.2.17 of the library or version 0.7.5 of SQL LRS immediately.
References
Cross-site Scripting Vulnerability in Statement Browser
Moderate severity • GitHub Reviewed • Published Feb 20, 2024 in yetanalytics/lrs • Updated Feb 21, 2024