CVE-2021-36398
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle
Identifiers
CVE-2021-36398, GHSA-786g-xv8v-9h93
Package Slug
packagist/moodle/moodle
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
In moodle, ID numbers displayed in the web service token list required additional sanitizing to prevent a stored XSS risk.
Affected Versions
Version 3.11.0
Solution
Upgrade to version 3.11.1 or above.
Last Modified
2023-03-08
| source |