WEB APPLICATION VULNERABILITIES Standard & Premium

Moodle Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2021-20280)

Description

Text-based feedback answers required additional sanitizing to prevent stored XSS and blind SSRF risks in moodle before 3.10.2, 3.9.5, 3.8.8, 3.5.17.

Remediation

References

Related Vulnerabilities

WordPress Plugin BuddyPress Docs Security Bypass (1.9.2)

WordPress Plugin NextScripts:Social Networks Auto-Poster Unspecified Vulnerability (4.3.2)

MySQL CVE-2023-21980 Vulnerability (CVE-2023-21980)

MyBB Other Vulnerability (CVE-2007-2212)

WordPress Plugin SendPress Newsletters Cross-Site Scripting (1.20.7.10)

Severity

Medium

Classification

CVE-2021-20280 CWE-707 CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Tags

Missing Update Known Vulnerabilities