EPSS
Percentile
72.7%
moodle is vulnerable to cross-site scripting (XSS). The library does not use a sesskey (CSRF) token during loading/unloading XML files.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53689
www.securityfocus.com/bid/109175
bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10186
moodle.org/mod/forum/discuss.php?d=388567#p1566329