5 matches found
CVE-2020-25631
A flaw was found in Moodle in versions 3.9 to 3.9.1, 3.8 to 3.8.4, and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This issue is fixed in versions 3.9.2, 3.8.5, and 3.7.8...
Moodle 3.7.x < 3.7.8, 3.8.x < 3.8.5, 3.9.x < 3.9.2 Input Escape Vulnerability
Moodle is prone to an input escape vulnerability. Copyright C 2020 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2020-25631
creationtimestamp| type| source ---|---|--- 2020-12-08 07:30:43+00:00| seen| https://t.me/cibsecurity/17230...
CVE-2020-25631
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8...
CVE-2020-25631
CVE-2020-25631 affects Moodle prior to fixed versions: 3.9.2, 3.8.5, and 3.7.8 fix a cross-site scripting issue where JavaScript could be inserted into a book chapter title on the Add new chapter page for Moodle 3.9–3.9.1, 3.8–3.8.4, and 3.7–3.7.7. Affected releases should upgrade to the correspo...