THREAT OPS › Threat News › Re: Skillable SCORM launch: userId parameter not validated against session token allows allocation bypass and cross-user DoS
Re: Skillable SCORM launch: userId parameter not validated against session token allows allocation bypass and cross-user DoS
<p>Posted by Solar Designer on Jul 12</p>Hi,<br /> <br /> I'm sorry I let this message through (as a moderator). It shouldn't be<br /> in here since it's about a hosted service and lacks open source focus.<br /> We generally don't let this sort of disclosures through to oss-security,<br /> and upon a closer look I see no reason to have made an exception this<br /> time. Well,
Original source: https://seclists.org/oss-sec/2026/q3/121