First published: Tue Aug 16 2022
In Moodle before 3.9.1, 3.8.4 and 3.7.7, the filter in the admin task log required extra sanitizing to prevent a reflected XSS risk.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | >=3.7.0, <3.7.7 | |
Moodle Moodle | >=3.8.0, <3.8.4 | |
Moodle Moodle | =3.9.0 | |
CVE-2020-14320 is a vulnerability in Moodle before versions 3.9.1, 3.8.4, and 3.7.7 in which the filter of the admin task log poses a reflected XSS risk.
CVE-2020-14320 affects Moodle versions before 3.9.1, 3.8.4, and 3.7.7: the filter in the admin task log required extra sanitizing, and without it there is a risk of reflected XSS.
The severity of CVE-2020-14320 is rated as medium with a CVSS score of 6.1.
To fix CVE-2020-14320, upgrade Moodle to version 3.9.1, 3.8.4, or 3.7.7, where the vulnerability is patched.
More information about CVE-2020-14320 can be found at the following link: https://moodle.org/mod/forum/discuss.php?d=407392