**This project will be closed in early 2023!** IMS QTI 2.1 assessment delivery engine and Java development library (JQTI+). Supports the MathAssess extensions. Replacement for QTIEngine/JQTI and MathAssessEngine/JQTI. Note that this project has now ended and no further work is currently planned.
Other
67
stars
55
forks
source link
Security: XSS vulnerabilities in some instructor interface pages #45
There are a small number of instances of client input not being escaped when being inserted back into HTML page content, leading to potential cross-site scripting (XSS) vulnerabilities.
The affected pages are the system/instructor user login page, the create delivery page, edit delivery page and the 'show candidate session' pages.
There are a small number of instances of client input not being escaped when being inserted back into HTML page content, leading to potential cross-site scripting (XSS) vulnerabilities.
The affected pages are the system/instructor user login page, the create delivery page, edit delivery page and the 'show candidate session' pages.
A new release of QTIWorks (1.0-beta7) fixes these problems and has been rolled out to https://webapps.ph.ed.ac.uk/qtiworks
All users running their own QTIWorks deployments are advised to upgrade to beta7 as soon as possible.