CVE-2021-20186: Cross-site Scripting

January 28, 2021 (updated February 1, 2021)

It was found in Moodle that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

References

moodle.org/mod/forum/discuss.php?d=417170
nvd.nist.gov/vuln/detail/CVE-2021-20186

Code Behaviors & Features

Detect and mitigate CVE-2021-20186 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →