moodle is vulnerable to cross-site scripting (XSS) attacks. The library does not properly sanitize the event name parameter of the calendar, allowing a trusted user to inject and execute arbitrary Javascript through it.
CPE | Name | Operator | Version |
---|---|---|---|
moodle/moodle | le | 3.1.9 | |
moodle/moodle | le | 3.3.3 | |
moodle/moodle | le | 3.2.6 |