PT-2013-5740 · Trivantis · Coursemill Learning Management System
Published 2013-09-06 · Updated 2013-09-06 · CVE-2013-5706
CVSS v2.0: 4.3 (Medium), Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
Coursemill Learning Management System (LMS) version 6.8
Description
Coursemill LMS contains multiple cross-site scripting (XSS) vulnerabilities that allow remote attackers to inject arbitrary web script or HTML. The injection occurs via vectors related to error messages, specifically through crafted event attributes or through the use of > (greater than) characters that are optional within a browser's HTML implementation.
Recommendations
For Coursemill Learning Management System (LMS) version 6.8, update to a version that includes a fix for these XSS vulnerabilities. As a temporary workaround, consider restricting user input to prevent the injection of arbitrary web script or HTML, especially in areas related to error messages and event attributes.
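The following is an added example, not code from the advisory or from Trivantis. It shows why a workaround that only strips complete tags misses the two vectors named in the description, while output encoding covers both. The filter, templates and test inputs are hypothetical and constructed for illustration.

```python
import html
import re

# Hypothetical blocklist filter (an assumption, not CourseMill code): it only
# removes complete <...> tags, so it needs a closing '>' to match anything.
_COMPLETE_TAG = re.compile(r"<[^>]*>")

# Hypothetical page fragments that reflect a user-supplied value.
ERROR_TMPL = '<div class="error">Unknown course: {}</div>'
FIELD_TMPL = '<input name="course" value="{}">'

def filter_blocklist(value: str) -> str:
    """Weak workaround: strip anything that looks like a complete tag."""
    return _COMPLETE_TAG.sub("", value)

def encode_for_html(value: str) -> str:
    """Output encoding for element content and quoted attribute values."""
    return html.escape(value, quote=True)  # & < > " ' become entities

def render(template: str, value: str, sanitizer) -> str:
    return template.format(sanitizer(value))

def markup_survives(template: str, value: str, sanitizer) -> bool:
    """True if the value adds live '<' or '"' characters to the fragment."""
    rendered = render(template, value, sanitizer)
    baseline = render(template, "", sanitizer)
    return (rendered.count("<") != baseline.count("<")
            or rendered.count('"') != baseline.count('"'))

# Constructed test inputs. The first has no closing '>': the template's own
# '</div>' supplies one, so the browser still parses a tag with an event
# attribute. The second closes a quoted attribute and adds an event attribute.
UNTERMINATED_TAG = "<img src=x onerror=alert(1) "
ATTRIBUTE_BREAKOUT = '" onmouseover="alert(1)'

if __name__ == "__main__":
    cases = [("error message", ERROR_TMPL, UNTERMINATED_TAG),
             ("form field", FIELD_TMPL, ATTRIBUTE_BREAKOUT)]
    for label, tmpl, value in cases:
        for fn in (filter_blocklist, encode_for_html):
            status = "LIVE MARKUP" if markup_survives(tmpl, value, fn) else "inert"
            print(f"{label:14} {fn.__name__:17} {status}")
            print("   ", render(tmpl, value, fn))
```

Encoding has to be applied at the point where the value is written into the page, and it only protects element content and quoted attribute values; values placed in script blocks, URLs or unquoted attributes need their own context-specific handling.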
Affected Products
Coursemill Learning Management System