EPSS
Percentile
41.8%
Moodle is vulnerable to cross-site scripting (XSS) attacks. A malicious user can inject and execute arbitrary webscript through additionalhtmlhead, additionalhtmltopofbody, or additionalhtmlfooter.
additionalhtmlhead
additionalhtmltopofbody
additionalhtmlfooter
github.com/moodle/moodle/blob/6bb80a1917456c237447c56e57852f338e9b8303/admin/settings/appearance.php#L248
packetstormsecurity.com/files/139466/Moodle-CMS-3.1.2-Cross-Site-Scripting-File-Upload.html