CVE-2021-20280

MEDIUM5.4EPSS 0.88%

Cross-site scripting (XSS) and Server side request forgery (SSRF) in moodle

發布日:2021/3/29修改日:2025/4/3

描述

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Bitnami/moodle>= 3.5.0, < 3.5.17, >= 3.8.0, < 3.8.8, >= 3.9.0, < 3.9.5, >= 3.10.0, < 3.10.2
Packagist/moodle/moodle>= 3.10, < 3.10.2

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N