First published: Tue Dec 08 2020(Updated: )
A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Moodle Moodle | >=3.7.0<3.7.8 | |
Moodle Moodle | >=3.8.0<3.8.5 | |
Moodle Moodle | >=3.9.0<3.9.2 | |
composer/moodle/moodle | >=3.7<3.7.8 | 3.7.8 |
composer/moodle/moodle | >=3.8<3.8.5 | 3.8.5 |
composer/moodle/moodle | >=3.9<3.9.2 | 3.9.2 |
>=3.7.0<3.7.8 | ||
>=3.8.0<3.8.5 | ||
>=3.9.0<3.9.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.