MSA-16-0003: Incorrect capability check when displaying
users emails in Participants list
-
MSA-16-0004: XSS from profile fields from external db
-
MSA-16-0005: Reflected XSS in mod_data advanced search
MSA-16-0006: Hidden courses are shown to students in Event
Monitor
MSA-16-0007: Non-Editing Instructor role can edit exclude
checkbox in Single View
MSA-16-0008: External function get_calendar_events return
events that pertains to hidden activities
-
MSA-16-0009: CSRF in Assignment plugin management page
MSA-16-0010: Enumeration of category details possible without
authentication
MSA-16-0011: Add no referrer to links with _blank target
attribute
MSA-16-0012: External function mod_assign_save_submission
does not check due dates