CVE-2021-36401
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle
Identifiers
CVE-2021-36401, GHSA-g6h6-4fp6-w33w
Package Slug
packagist/moodle/moodle
Vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Description
In Moodle, ID numbers exported in HTML data formats required additional sanitizing to prevent a local stored XSS risk.
Affected Versions
All versions before 3.9.8, all versions starting from 3.10.0 before 3.10.5, all versions starting from 3.11.0-beta before 3.11.1
Solution
Upgrade to versions 3.9.8, 3.10.5, 3.11.1 or above.
Last Modified
2023-03-08
| source |