This repository serves as a directory of both the writeups and the proof-of-concept for the investigation in to XSS vulnerabilities in the aforementioned peices of software
5
+
This repository serves as a directory of both the writeups and the proof-of-concept for the investigation in to XSS vulnerabilities in the aforementioned peices of software.
7
6
8
-
###Vulnerabities
9
-
####XSS
7
+
## Vulnerabities
8
+
### XSS
10
9
10
+
| Component Tested | Is XSS possible? | Under what circumstances? | Possibly affected user groups | CVSS Attributed |
| User Portfolio/Locker | Yes | HTML files in a user's portfolio | Learners, Instructors | 5.4 (medium) |
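Review bot: The added heading at new line 7, `## Vulnerabities`, carries over the misspelling from the removed `###Vulnerabities` line; since the heading is already being rewritten to add the space after the hashes, correct it to `## Vulnerabilities` in the same change. The rewritten sentence at new line 5 has the same problem: it only gains a trailing period and still reads "in to" and "peices" (should be "into" and "pieces"). In the table, the "CVSS Attributed" cell gives only `5.4 (medium)`; adding the CVSS version and vector string next to the score would let a reader reproduce the rating for the portfolio HTML-file case.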
19
+
20
+
### Timer
21
+
22
+
The timer on quiz assignments is client-side only, the server does not check the submission time, hence by disabling the timer client side we effectively disable the timer.
The aforementioned code and documents are protected and released to the public under the Creative Commons Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) License which can be viewed in license.md or on the Creative Commons website (https://creativecommons.org/licenses/by-nc/4.0/). Any failure to comply with the terms designated in the license will be met with swift judicial action by the author.
29
+
30
+
By downloading, executing or otherwise transferring the contents of this repository by any means you are legally bound to the terms stipulated in the license.
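Review bot: The Timer section added at new line 22 states the finding in one comma-spliced sentence but, unlike the XSS table above it, gives no affected user groups, no severity score and no remediation. Suggest splitting the sentence ("The timer on quiz assignments is client-side only. The server does not check the submission time, so ...") and recording the finding in the same columns as the XSS row, plus the fix the sentence implies: the server should record the quiz start time itself and reject or flag submissions that arrive after the allowed duration, rather than trusting the client timer. Separately, the sentence added at new line 30 says anyone downloading the repository is "legally bound" to the license, while the preceding context line already points to license.md for the CC BY-NC 4.0 terms; consider deferring to that file instead of restating obligations in the README, so the two cannot drift apart.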