Moodle stored Cross-site Scripting (XSS)

2024-05-3121:30:52

Google

osv.dev

moodle

stored xss risk

equation editor

software

5.5 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Additional sanitizing was required when opening the equation editor to prevent a stored Cross-site Scripting (XSS) risk when editing another user’s equation.

CPENameOperatorVersion
moodle/moodleeq3.9.0
moodle/moodleeq3.10.0-rc1
moodle/moodleeq3.5.3
moodle/moodleeq4.0.7
moodle/moodleeq3.1.18
moodle/moodleeq3.5.1
moodle/moodleeq2.3.10
moodle/moodleeq3.2.9
moodle/moodleeq3.0.5
moodle/moodleeq3.5.0-beta

Name	Operator	Version
moodle/moodle	eq	3.9.0
moodle/moodle	eq	3.10.0-rc1
moodle/moodle	eq	3.5.3
moodle/moodle	eq	4.0.7
moodle/moodle	eq	3.1.18
moodle/moodle	eq	3.5.1
moodle/moodle	eq	2.3.10
moodle/moodle	eq	3.2.9
moodle/moodle	eq	3.0.5
moodle/moodle	eq	3.5.0-beta