Hello all,
We have released a patch (attached to this email) for a cross-site scripting (XSS) vulnerability in the edx-platform edit chapter page.
Affected repo: edx-platform
Branches: Ironwood, master
Without this patch, it was possible to execute scripts present in error messages on the edit chapter page. As a result, a malicious script could access any cookies, session tokens, or other sensitive information retained by the browser.
We advise you to patch your instances as soon as possible. We have merged the fix to our public repo. Let us know if you have any questions.
Thank you,
Ali Akbar
Sustaining Mavericks
Attachment: ironwood_xss_lint.patch (907 Bytes)
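The bug class described above, as an added illustration that is not code from edx-platform or from the attached patch: an error message that may carry user-influenced text is rendered into the page, once by splicing it raw into markup (the vulnerable pattern) and once with HTML escaping or `textContent` (the hardened pattern). The function names and the sample message are constructed for this example.

```javascript
// Characters that must be escaped before text is placed in HTML element content
// or a quoted attribute value. (Other contexts, e.g. inside a <script> block or
// a URL, need their own encoding; this table is not sufficient there.)
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable pattern: the message is interpolated verbatim, so any markup it
// contains becomes part of the document and scripts in it run.
function renderErrorUnsafe(message) {
  return `<div class="error">${message}</div>`;
}

// Hardened pattern (server-side templates or string building): escape first, so
// the browser shows the message literally instead of parsing it as markup.
function renderErrorSafe(message) {
  return `<div class="error">${escapeHtml(message)}</div>`;
}

// Hardened pattern (client-side DOM): assign textContent, never innerHTML, when
// the value is plain text. textContent does not parse markup at all.
function showError(container, message) {
  container.textContent = message;
  return container;
}

// Constructed sample: an error message that echoes attacker-supplied input.
const SAMPLE_MESSAGE = 'Invalid chapter name: <script>alert(document.cookie)</script>';

// Simple self-check: the unsafe output still contains a live <script> tag,
// the safe output does not.
function demo() {
  const unsafe = renderErrorUnsafe(SAMPLE_MESSAGE);
  const safe = renderErrorSafe(SAMPLE_MESSAGE);
  return {
    unsafeHasScript: unsafe.includes('<script>'),
    safeHasScript: safe.includes('<script>'),
    safe,
  };
}
```

In the browser, the `showError` form is the one to reach for; the escaping form is for code that must build markup as a string.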