CVE-2021-36399

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle

Identifiers

CVE-2021-36399, GHSA-79jp-m64f-pgrc

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

In Moodle, ID numbers displayed in the quiz override screens required additional sanitizing to prevent a stored XSS risk.

Affected Versions

Version 3.11.0

Solution

Upgrade to version 3.11.1 or above.

Last Modified

2023-03-09

source