CVE-2023-28332, GHSA-9f45-9qrw-pp4v
packagist/moodle/moodle
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
If the algebra filter was enabled but not functional (eg the necessary binaries were missing from the server), it presented an XSS risk.
All versions before 3.9.20, all versions starting from 3.11.0 before 3.11.13, all versions starting from 4.0.0 before 4.0.7, all versions starting from 4.1.0 before 4.1.2
Upgrade to versions 4.0.7, 4.1.2, 3.9.20, 3.11.13 or above.
2023-03-24
source |