moodle/moodle is vulnerable to Cross-Site Scripting (XSS). The vulnerability is caused by the filter
function in filter.php
when the algebra filter code is not available, which allows an attacker to inject and execute arbitrary JavaScript into the browser.
git.moodle.org/gw?p=moodle.git;a=commitdiff;h=9f178c1f816e78ec024ab16a10192c81305b2624
github.com/moodle/moodle/commit/3caeef44d203c4109944a3e97621ec0eee11ac3d
github.com/moodle/moodle/commit/b436508b24ca7c37dcb47b561cdf07767349c1e1
github.com/moodle/moodle/commit/f0572261547574ff10e83f528f4f1fb29e5ef673
github.com/moodle/moodle/commit/f99ae1651ae56c80a3be353868d4be0bbe80321f
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
lists.fedoraproject.org/archives/list/[email protected]/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
moodle.org/mod/forum/discuss.php?d=445064