CVE-2021-20186

MEDIUM5.4EPSS 0.53%

Moodle Cross-site Scripting

發布日:2022/5/24修改日:2024/4/23

也稱為:GHSA-h8m4-h385-qhqvBIT-moodle-2021-20186

描述

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that if the TeX notation filter was enabled, additional sanitizing of TeX content was required to prevent the risk of stored XSS.

受影響套件(2)

Bitnami/moodlefrom 0, < 3.5.16, >= 3.8.0, < 3.8.7, >= 3.9.0, < 3.9.4, >= 3.10.0, < 3.10.1
Packagist/moodle/moodle>= 3.10, < 3.10.1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

參考連結(3)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-20186
PATCHhttps://github.com/moodle/moodle
WEBhttps://moodle.org/mod/forum/discuss.php?d=417170