CVE-2020-25628

State: PUBLISHED · Published: 2020-12-08 · Updated: 2024-08-04 · Assigner: redhat

Description

The filter in the tag manager required extra sanitizing to prevent a reflected XSS risk. This affects 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

CWE

CWE-79 — CWE-79

Affected

n/a / Moodle — v=3.9 to 3.9.1 [affected]; v=3.8 to 3.8.4 [affected]; v=3.7 to 3.7.7 [affected]; v=3.5 to 3.5.13 [affected]; v=earlier unsupported versions [affected]

CVSS

(none)

References

http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-69340 x_refsource_MISC
https://moodle.org/mod/forum/discuss.php?d=410840 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2020/25xxx/CVE-2020-25628.json