CVE-2021-43558
packagist/moodle/moodle
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A URL parameter in the filetype site administrator tool requires extra sanitizing to prevent a reflected XSS risk.
All versions up to 3.8.8, all versions starting from 3.9.0 before 3.9.11, all versions starting from 3.10.0 before 3.10.8, all versions starting from 3.11.0 before 3.11.4
Upgrade to versions 3.8.9, 3.9.11, 3.10.8, 3.11.4 or above.
2021-11-30
source |