EPSS Percentile: 32.7%
Moodle is vulnerable to cross-site scripting (XSS) attacks. The application does not sanitize the $subject parameter in the contact form on the “non-respondents” page, allowing a malicious user to inject and execute arbitrary web script.
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-59972
moodle.org/mod/forum/discuss.php?d=358585