CVE-2020-25631

State: PUBLISHED · Published: 2020-12-08 · Updated: 2024-08-04 · Assigner: redhat

Description

A vulnerability was found in Moodle 3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 where it was possible to include JavaScript in a book's chapter title, which was not escaped on the "Add new chapter" page. This is fixed in 3.9.2, 3.8.5 and 3.7.8.

CWE

CWE-79 — CWE-79

Affected

n/a / Moodle — v=3.9 to 3.9.1, 3.8 to 3.8.4 and 3.7 to 3.7.7 [affected]

CVSS

(none)

References

https://moodle.org/mod/forum/discuss.php?d=410843 x_refsource_CONFIRM

Source

cvelistV5-main/cves/2020/25xxx/CVE-2020-25631.json