Description
In Moodle 3.2.2+, there is XSS in the Course summary filter of the "Add a new course" page, as demonstrated by a crafted attribute of an SVG element.
Remediation
References
Related Vulnerabilities
Drupal Core 7.x Arbitrary File Overwrite (7.0 - 7.77)
Oracle JRE CVE-2013-1484 Vulnerability (CVE-2013-1484)
OpenSSL NULL Pointer Dereference Vulnerability (CVE-2009-1387)
Atlassian Jira Authorization Bypass Through User-Controlled Key Vulnerability (CVE-2021-41305)
Apache Tomcat Improperly Implemented Security Check for Standard Vulnerability (CVE-2017-15706)