Description
The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).
Remediation
References
Related Vulnerabilities
ownCloud Improper Privilege Management Vulnerability (CVE-2020-36251)
Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-9788)
Apache Tomcat Incorrect Default Permissions Vulnerability (CVE-2020-8022)
MySQL CVE-2018-3203 Vulnerability (CVE-2018-3203)
WordPress Plugin FormGet Contact Form Cross-Site Scripting (5.3)