First published: Fri Aug 05 2022(Updated: )
In Moodle 3.8, messages required extra sanitizing before updating the conversation overview, to prevent the risk of stored cross-site scripting.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | =3.8.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-1691.
The severity of CVE-2020-1691 is medium.
CVE-2020-1691 affects Moodle version 3.8.0.
CVE-2020-1691 poses a risk of stored cross-site scripting.
To fix CVE-2020-1691, it is recommended to update to a patched version of Moodle.