EPSS
Percentile
40.0%
Moodle is vulnerable to cross-site scripting (XSS) attacks. The attacks exist because message/lib.php does not sanitize the user-supplied messages properly.
message/lib.php
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-41941
openwall.com/lists/oss-security/2013/11/25/1
git.moodle.org/gw?p=moodle.git;a=commit;h=1555e10cdf0f643707c437791c3ded591fd7c6d5
moodle.org/mod/forum/discuss.php?d=244480