Cross Site Scripting (XSS)

Moodle is vulnerable to cross-site scripting XSS. An attacker is able to inject and execute malicious script in a user's browser via Text-based feedback answers...

Moodle cross-site scripting vulnerability (CNVD-2021-28733)

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from Text-based feedback answers. No details of the vulnerability a...

CVE-2021-20280

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17...

CVE-2021-20280

CVE-2021-20280 affects Moodle before versions 3.10.2, 3.9.5, 3.8.8, and 3.5.17. The issue is due to insufficient sanitization of text-based feedback answers, leading to stored XSS and blind SSRF risks. Several connected sources reiterate the same description and tie the vulnerability to moodle’s ...

Moodle 跨站脚本漏洞

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a cross-site scripting vulnerability that stems from Text-based feedback answers. No details of the vulnerability a...