PT-2020-16164 · Moodle+1 · Moodle+1
Degrangem
·
Published
2020-11-08
·
Updated
2024-03-06
·
CVE-2020-25702
CVSS v3.1
6.1
Medium
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
Name of the Vulnerable Software and Affected Versions
Moodle versions 3.9 through 3.9.2
Description
The issue allowed including JavaScript when re-naming content bank items. This is fixed in Moodle versions 3.9.3 and 3.10.
Recommendations
For versions 3.9 through 3.9.2, update to version 3.9.3 or 3.10 to resolve the issue.
As a temporary workaround, consider restricting the ability to re-name content bank items until a patch is applied.
Fix
XSS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Moodle