CVE-2021-43558

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in packagist/moodle/moodle

Identifiers

CVE-2021-43558

Package Slug

packagist/moodle/moodle

Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Description

A URL parameter in the filetype site administrator tool requires extra sanitizing to prevent a reflected XSS risk.

Affected Versions

All versions up to 3.8.8, all versions starting from 3.9.0 before 3.9.11, all versions starting from 3.10.0 before 3.10.8, all versions starting from 3.11.0 before 3.11.4

Solution

Upgrade to versions 3.8.9, 3.9.11, 3.10.8, 3.11.4 or above.

Last Modified

2021-11-30

source