CVE-2023-28331, GHSA-77jm-f3vj-xvx2
packagist/moodle/moodle
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Content output by the database auto-linking filter required additional sanitizing to prevent an XSS risk.
All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2
Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.
2023-03-24
source |